PT-2001-2681 · Red Hat+2 · Kernel-Patch+7
Published: 1970-01-01 · Updated: 2024-02-02
CVE-2001-1391
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Debian GNU/Linux kernel-image-2.2.19-amiga version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-atari version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-bvme6000 version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-chrp version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-compact version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-generic version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-ide version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-idepci version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-jensen version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-mac version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-mvme147 version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-mvme16x version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-nautilus version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-pmac version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-prep version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-smp version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-sun4cdm version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-sun4dm-pci version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-sun4dm-smp version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-sun4u version 2.2.19
Debian GNU/Linux kernel-image-2.2.19-sun4u-smp version 2.2.19
Red Hat Linux kernel-patch-2.2.19-m68k version 2.2.19
Red Hat Linux kernel-patch-2.2.19-powerpc version 2.2.19
Red Hat Linux losetup-2.10r-0.6.x version 2.10r-0.6.x
Red Hat Linux losetup-2.10r-5 version 2.10r-5
Red Hat Linux mount-2.10r-0.6.x version 2.10r-0.6.x
Red Hat Linux mount-2.10r-5 version 2.10r-5
Red Hat Linux nfs-utils-0.3.1 version 0.3.1
Description
The issue affects multiple packages of Debian GNU/Linux and Red Hat Linux operating systems, allowing for remote exploitation that may lead to a breach of confidentiality, integrity, and availability of protected information. An off-by-one vulnerability in the CPIA driver of the Linux kernel before version 2.2.19 enables users to modify kernel memory.
Recommendations
As a temporary workaround, consider disabling the CPIA driver until a patch is available.
Restrict access to the kernel memory to minimize the risk of exploitation.
Update the kernel to version 2.2.19 or later to resolve the issue.
For each affected package, update to a version that is not vulnerable to the off-by-one vulnerability in the CPIA driver.
For Red Hat Linux, update the losetup, mount, and nfs-utils packages to versions that are not vulnerable.
For Debian GNU/Linux, update the kernel-image packages to versions that are not vulnerable.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Linux Kernel
Red Hat
Kernel-Image
Kernel-Patch
Losetup
Mount
Nfs-Utils