#VU95207 Integer overflow in Linux kernel - CVE-2007-6712
Vulnerability identifier: #VU95207
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-190
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux kernel 2.6.21-rc4, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer with a large expiry value, which causes the timer to always be expired.
Mitigation
Install update from vendor's repository.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/?p=linux/kernel/git/chris/linux-2.6.git;a=commitdiff;h=13788ccc41ceea5893f9c747c59bc0b28f2416c2
https://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
https://secunia.com/advisories/30294
https://secunia.com/advisories/30368
https://secunia.com/advisories/30818
https://secunia.com/advisories/31107
https://secunia.com/advisories/31628
https://www.debian.org/security/2008/dsa-1588
https://www.redhat.com/support/errata/RHSA-2008-0275.html
https://www.redhat.com/support/errata/RHSA-2008-0585.html
https://www.securityfocus.com/bid/29294
https://www.ubuntu.com/usn/usn-625-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/41827
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9210
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
