Linux amd64 kernel vulnerability

2004-12-1700:00:00

ubuntu.com

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

29.2%

JSON

Releases

Ubuntu 4.10

Details

USN-30-1 fixed several flaws in the Linux ELF binary loader’s handling
of setuid binaries. Unfortunately it was found that these patches were
not sufficient to prevent all possible attacks on 64-bit platforms, so
previous amd64 kernel images were still vulnerable to root privilege
escalation if setuid binaries were run under certain conditions.

This issue does not affect the i386 and powerpc platforms.

OSVersionArchitecturePackageVersionFilename
Ubuntu4.10noarchlinux-image-2.6.8.1-4-amd64-k8< *UNKNOWN
Ubuntu4.10noarchlinux-image-2.6.8.1-4-amd64-generic< *UNKNOWN
Ubuntu4.10noarchlinux-image-2.6.8.1-4-amd64-k8-smp< *UNKNOWN
Ubuntu4.10noarchlinux-image-2.6.8.1-4-amd64-xeon< *UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	4.10	noarch	linux-image-2.6.8.1-4-amd64-k8	< *	UNKNOWN
Ubuntu	4.10	noarch	linux-image-2.6.8.1-4-amd64-generic	< *	UNKNOWN
Ubuntu	4.10	noarch	linux-image-2.6.8.1-4-amd64-k8-smp	< *	UNKNOWN
Ubuntu	4.10	noarch	linux-image-2.6.8.1-4-amd64-xeon	< *	UNKNOWN