Input validation error in Linux kernel - CVE-2007-3107
Published: July 11, 2007 / Updated: October 11, 2017
Vulnerability identifier: #VU94173
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2007-3107
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform service disruption.
The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits. This vulnerability affects Linux kernel 2.6.2 and later, when run on PowerPC systems using HTX.
How to mitigate CVE-2007-3107
Install update from vendor's website.
Sources
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245580
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
- http://osvdb.org/37118
- http://secunia.com/advisories/25955
- http://secunia.com/advisories/25963
- http://secunia.com/advisories/26664
- http://secunia.com/advisories/27227
- http://secunia.com/advisories/28706
- http://www.novell.com/linux/security/advisories/2007_51_kernel.html
- http://www.novell.com/linux/security/advisories/2007_53_kernel.html
- http://www.redhat.com/support/errata/RHSA-2007-0595.html
- http://www.securityfocus.com/bid/24845
- http://www.securitytracker.com/id?1018347
- http://www.ubuntu.com/usn/usn-574-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35383
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9936