Skip to navigation

CVE Database

CVE-2007-4573

Impact: Important
Public: 2007-09-21
Bugzilla: 294541: CVE-2007-4573 x86_64 syscall vulnerability

Details

The MITRE CVE dictionary describes this issue as:

The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

Find out more about CVE-2007-4573 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue affected users who were running 64-bit versions of Red Hat Enterprise Linux 3, 4, or 5 on x86_64 architecture. It did not affect users of Red Hat Enterprise Linux 2.1.

Updates are available for Red Hat Enterprise Linux 3, 4, and 5 to correct this issue. New kernel packages along with our advisory are available at the URL below as well as via the Red Hat Network. http://rhn.redhat.com/errata/CVE-2007-4573.html

Red Hat security errata

Platform Errata Release Date
Red Hat Enterprise Linux version 3 (kernel) RHSA-2007:0938 September 27, 2007
Red Hat Enterprise Linux version 4 (kernel) RHSA-2007:0937 September 27, 2007
Red Hat Enterprise Linux version 5 (kernel) RHSA-2007:0936 September 27, 2007

External References

Acknowledgements

Red Hat would like to thank Wojciech Purczynski for reporting this issue.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.