ID CVE-2008-4410
Summary The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry was intended, which allows local users to cause a denial of service (persistent application failure) via crafted function calls, related to the Java Runtime Environment (JRE) experiencing improper LDT selector state, a different vulnerability than CVE-2008-3247.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.6.26.5:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.26.5:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 08-08-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 31565
confirm http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=de59985e3a623d4d5d6207f1777398ca0606ab1c
fedora
  • FEDORA-2008-8929
  • FEDORA-2008-8980
mlist [oss-security] 20081003 CVE request: kernel: x86: Fix broken LDT access in VMI
osvdb 48743
secunia
  • 32124
  • 32386
suse SUSE-SA:2008:053
xf linux-kernel-vmiwriteldtentry-dos(45687)
statements via4
contributor Joshua Bressers
lastmodified 2017-08-07
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
Last major update 08-08-2017 - 01:32
Published 03-10-2008 - 17:41
Back to Top