Linux kernel before 2.6.18, when running on x86_64 systems, does not properly save or restore EFLAGS during a context switch, which allows local users to cause a denial of service (crash) by causing SYSENTER to set an NT flag, which can trigger a crash on the IRET of the next task.
http://secunia.com/advisories/24098
http://secunia.com/advisories/25691
http://secunia.com/advisories/26620
http://secunia.com/advisories/26994
http://secunia.com/advisories/32485
http://www.debian.org/security/2007/dsa-1381
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.18-git13.log
http://www.mandriva.com/security/advisories?name=MDKSA-2007:171
http://www.redhat.com/support/errata/RHSA-2008-0957.html
http://www.securityfocus.com/archive/1/471457
http://www.securityfocus.com/bid/26060
http://www.ubuntu.com/usn/usn-416-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9554
Source: MITRE
Published: 2006-12-31
Updated: 2017-10-11
Type: NVD-CWE-Other
Base Score: 4.9
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact Score: 6.9
Exploitability Score: 3.9
Severity: MEDIUM
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 2.6.17 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
67758 | Oracle Linux 5 : kernel (ELSA-2008-0957) | Nessus | Oracle Linux Local Security Checks | high |
60488 | Scientific Linux Security Update : kernel on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
43713 | CentOS 5 : kernel (CESA-2008:0957) | Nessus | CentOS Local Security Checks | high |
34690 | RHEL 5 : kernel (RHSA-2008:0957) | Nessus | Red Hat Local Security Checks | high |
28005 | Ubuntu 5.10 / 6.06 LTS / 6.10 : linux-source-2.6.12/2.6.15/2.6.17 vulnerabilities (USN-416-1) | Nessus | Ubuntu Local Security Checks | high |
27981 | Ubuntu 5.10 / 6.06 LTS / 6.10 : linux-source-2.6.12/-2.6.15/-2.6.17 vulnerabilities (USN-395-1) | Nessus | Ubuntu Local Security Checks | high |
26211 | Debian DSA-1381-2 : linux-2.6 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
25968 | Mandrake Linux Security Advisory : kernel (MDKSA-2007:171) | Nessus | Mandriva Local Security Checks | high |
801458 | CentOS RHSA-2008-0957 Security Check | Log Correlation Engine | Generic | high |