Information exposure in Linux kernel - CVE-2007-3850
Published: October 23, 2007 / Updated: February 13, 2023
Vulnerability identifier: #VU95218
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2007-3850
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to gain access to sensitive information.
The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space.
How to mitigate CVE-2007-3850
Install update from vendor's repository.
Sources
- http://rhn.redhat.com/errata/RHSA-2007-0940.html
- http://www.securityfocus.com/bid/26161
- http://secunia.com/advisories/27322
- http://osvdb.org/45488
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10793
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=721151d004dcf01a71b12bb6b893f9160284cf6e