CVE-2007-3731

Description

The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SETREGS and PTRACE_SINGLESTEP requests, related to the TRACE_IRQS_ON function, and possibly related to the arch_ptrace function.

CVSS Metrics

• v2.0•MEDIUM•Score: 4.9AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.12%• Percentile: 30%

Techniques & Countermeasures

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

• linux•linux_kernel

  2.6.20 | 2.6.21

References (18)

• http://www.securityfocus.com/bid/25801
• http://bugzilla.kernel.org/show_bug.cgi?id=8765
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=a10d9a71bafd3a283da240d2868e71346d2aef6f
• http://osvdb.org/37286
• http://www.redhat.com/support/errata/RHSA-2007-0940.html
• http://secunia.com/advisories/29159
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=29eb51101c02df517ca64ec472d7501127ad1da8
• http://secunia.com/advisories/27322
• http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0094
• http://secunia.com/advisories/26978
• http://www.securityfocus.com/archive/1/488972/100/0/threaded
• https://issues.rpath.com/browse/RPL-2304
• http://www.ubuntu.com/usn/usn-518-1
• http://secunia.com/advisories/26955
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10394
• https://bugzilla.redhat.com/show_bug.cgi?id=248324
• http://secunia.com/advisories/26935
• http://www.debian.org/security/2007/dsa-1378