CVE-2007-4130 — Improper Input Validation in Redhat Enterprise Linux

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.0%

top 86.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Linux Redhat Enterprise Linux Desktop

Timeline

PublishedFeb 5

Latest updateMay 1

Description

The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDredhat/enterprise_linux_desktop4

Also affects: Enterprise Linux 4.0

Patches

Patch: rhn.redhat.com ↗Patch: rhn.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-w57x-j39p-mpp8: The Linux kernel 2↗2022-05-01

▶

📋Vendor Advisories

Red Hat

panic caused by set_mempolicy with MPOL_BIND↗2006-02-01

▶

💬Community

Bugzilla

CVE-2007-4130 panic caused by set_mempolicy with MPOL_BIND↗2006-02-01

▶