Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 214184 (CVE-2007-3731)

Summary: kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (CVE-2007-3731)
Product: Gentoo Security Reporter: unnamedrambler
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: bernd, chainsaw, kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.debian.org/security/2007/dsa-1378
Whiteboard: [linux < 2.6.22.19][genpatches < 2.6.23-1]
Package list:
Runtime testing required: ---

Description unnamedrambler 2008-03-21 23:26:33 UTC 
+++ This bug was initially created as a clone of Bug #194075 +++

CVE-2007-3731:
  The Linux kernel 2.6.20 and 2.6.21 does not properly handle an
  invalid LDT segment selector in %cs (the xcs field) during ptrace
  single-step operations, which allows local users to cause a denial
  of service (NULL dereference and OOPS) via certain code that makes
  ptrace PTRACE_SETREGS and PTRACE_SINGLESTEP requests, related to
  the TRACE_IRQS_ON function, and possibly related to the arch_ptrace
  function.
Comment 1 unnamedrambler 2008-03-21 23:59:20 UTC 
*** Bug 194075 has been marked as a duplicate of this bug. ***