Public Date:
294541: CVE-2007-4573 x86_64 syscall vulnerability

The MITRE CVE dictionary describes this issue as:

The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

Find out more about CVE-2007-4573 from the MITRE CVE dictionary dictionary and NIST NVD.


This issue affected users who were running 64-bit versions of Red Hat Enterprise Linux 3, 4, or 5 on x86_64 architecture. It did not affect users of Red Hat Enterprise Linux 2.1.

Updates are available for Red Hat Enterprise Linux 3, 4, and 5 to correct this issue. New kernel packages along with our advisory are available at the URL below as well as via the Red Hat Network.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 3 (kernel) RHSA-2007:0938 2007-09-27
Red Hat Enterprise Linux 4 (kernel) RHSA-2007:0937 2007-09-27
Red Hat Enterprise Linux 5 (kernel) RHSA-2007:0936 2007-09-27


Red Hat would like to thank Wojciech Purczynski for reporting this issue.
Last Modified

CVE description copyright © 2017, The MITRE Corporation