SB2001041702 - Out-of-bounds write in Linux kernel
Published: April 17, 2001
Security Bulletin ID
SB2001041702
CSH Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2001-1399)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to corrupt data.
Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka 'User access asm bug on x86.'
Remediation
Install update from vendor's website.
References
- http://marc.info/?l=bugtraq&m=98575345009963&w=2
- http://marc.info/?l=bugtraq&m=98637996127004&w=2
- http://marc.info/?l=bugtraq&m=98653252326445&w=2
- http://marc.info/?l=bugtraq&m=98684172109474&w=2
- http://marc.info/?l=bugtraq&m=98759029811377&w=2
- http://marc.info/?l=bugtraq&m=98775114228203&w=2
- http://marc.info/?l=bugtraq&m=99013830726309&w=2
- http://www.linux.org.uk/VERSION/relnotes.2219.html
- http://www.redhat.com/support/errata/RHSA-2001-047.html
- https://www.debian.org/security/2001/dsa-047