CVE-2006-0744

Sažetak

Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS.

Reference

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5
http://lwn.net/Alerts/180820/
http://secunia.com/advisories/19639
http://secunia.com/advisories/19735
http://secunia.com/advisories/20157
http://secunia.com/advisories/20237
http://secunia.com/advisories/20398
http://secunia.com/advisories/20716
http://secunia.com/advisories/20914
http://secunia.com/advisories/21136
http://secunia.com/advisories/21179
http://secunia.com/advisories/21498
http://secunia.com/advisories/21745
http://secunia.com/advisories/21983
http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm
http://www.debian.org/security/2006/dsa-1103
http://www.mandriva.com/security/advisories?name=MDKSA-2006:086
http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
http://www.novell.com/linux/security/advisories/2006_42_kernel.html
http://www.novell.com/linux/security/advisories/2006_47_kernel.html
http://www.novell.com/linux/security/advisories/2006-05-31.html
http://www.osvdb.org/24639
http://www.redhat.com/support/errata/RHSA-2006-0437.html
http://www.redhat.com/support/errata/RHSA-2006-0493.html
http://www.securityfocus.com/bid/17541
http://www.ubuntu.com/usn/usn-302-1
http://www.vupen.com/english/advisories/2006/1390
http://www.vupen.com/english/advisories/2006/1475
http://www.vupen.com/english/advisories/2006/2554
https://exchange.xforce.ibmcloud.com/vulnerabilities/25869
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9732

CVSS

Base:	4.9
Impact:	6.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

30-10-2018 - 16:26

Objavljeno

18-04-2006 - 10:02