4.9
CVE-2007-3731
- EPSS 0.51%
- Veröffentlicht 17.09.2007 17:17:00
- Zuletzt bearbeitet 16.06.2026 22:42:36
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SETREGS and PTRACE_SINGLESTEP requests, related to the TRACE_IRQS_ON function, and possibly related to the arch_ptrace function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version2.6.20
Linux ≫ Linux Kernel Version2.6.21
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.51% | 0.395 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 3.9 | 6.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/27322
http://www.redhat.com/support/errata/RHSA-2007-0940.html
http://secunia.com/advisories/26978
http://www.debian.org/security/2007/dsa-1378
http://secunia.com/advisories/26955
http://www.ubuntu.com/usn/usn-518-1
http://bugzilla.kernel.org/show_bug.cgi?id=8765
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=29eb51101c02df517ca64ec472d7501127ad1da8
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=a10d9a71bafd3a283da240d2868e71346d2aef6f
http://osvdb.org/37286
http://secunia.com/advisories/26935
http://secunia.com/advisories/29159
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0094
http://www.securityfocus.com/archive/1/488972/100/0/threaded
http://www.securityfocus.com/bid/25801
https://bugzilla.redhat.com/show_bug.cgi?id=248324
https://issues.rpath.com/browse/RPL-2304
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10394