SB2007071101 - Input validation error in Linux kernel
Published: July 11, 2007
Description
This security bulletin contains information about 1 vulnerability.
1) Input validation error (CVE-ID: CVE-2007-3107)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits. This vulnerability affects Linux kernel 2.6.2 and later, when run on PowerPC systems using HTX.
Remediation
Install the update from the vendor's website.
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245580
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
- http://osvdb.org/37118
- http://secunia.com/advisories/25955
- http://secunia.com/advisories/25963
- http://secunia.com/advisories/26664
- http://secunia.com/advisories/27227
- http://secunia.com/advisories/28706
- http://www.novell.com/linux/security/advisories/2007_51_kernel.html
- http://www.novell.com/linux/security/advisories/2007_53_kernel.html
- http://www.redhat.com/support/errata/RHSA-2007-0595.html
- http://www.securityfocus.com/bid/24845
- http://www.securitytracker.com/id?1018347
- http://www.ubuntu.com/usn/usn-574-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35383
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9936