CVE-2001-1392

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.2.19 Debian GNU/Linux kernel-image-2.2.19-sun4dm-pci version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-sun4dm-smp version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-mac version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-ide version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-atari version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-amiga version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-bvme6000 version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-compact version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-chrp version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-generic version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-idepci version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-jensen version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-mvme147 version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-mvme16x version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-nautilus version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-pmac version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-prep version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-smp version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-sun4cdm version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-sun4u version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-sun4u-smp version 2.2.19 Red Hat Linux mount-2.10r-0.6.x version 2.10r-0.6.x Red Hat Linux mount-2.10r-5 version 2.10r-5 Red Hat Linux losetup-2.10r-0.6.x version 2.10r-0.6.x Red Hat Linux losetup-2.10r-5 version 2.10r-5 Red Hat Linux nfs-utils-0.3.1 version 0.3.1

Description The Linux kernel has multiple vulnerabilities that can be exploited remotely, leading to a disruption of confidentiality, integrity, and availability of protected information. The vulnerabilities can cause a denial-of-service (crash) by unloading and reloading drivers.

Recommendations As a temporary workaround, consider disabling the CPUID and MSR drivers until a patch is available. Restrict access to the vulnerable kernel modules to minimize the risk of exploitation. Update the Linux kernel to a version later than 2.2.19. For Debian GNU/Linux, update the kernel-image package to a version later than 2.2.19. For Red Hat Linux, update the mount, losetup, and nfs-utils packages to versions later than 2.10r-5, 2.10r-5, and 0.3.1 respectively.