CVE-2001-1393

Name of the Vulnerable Software and Affected Versions Debian GNU/Linux kernel-image-2.2.19 versions prior to 2.2.19 Debian GNU/Linux kernel-image-2.2.19-amiga version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-atari version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-bvme6000 version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-chrp version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-compact version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-generic version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-ide version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-idepci version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-jensen version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-mac version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-mvme147 version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-mvme16x version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-nautilus version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-pmac version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-prep version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-smp version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-sun4cdm version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-sun4dm-pci version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-sun4dm-smp version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-sun4u version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-sun4u-smp version 2.2.19 Red Hat Linux mount-2.10r-0.6.x version 2.10r-0.6.x Red Hat Linux mount-2.10r-5 version 2.10r-5 Red Hat Linux losetup-2.10r-0.6.x version 2.10r-0.6.x Red Hat Linux losetup-2.10r-5 version 2.10r-5 Red Hat Linux nfs-utils-0.3.1 version 0.3.1

Description The issue affects multiple packages in Debian GNU/Linux and Red Hat Linux, potentially leading to confidentiality, integrity, and availability breaches. Exploitation can be done remotely. According to Mitre, there is an unknown vulnerability in the classifier code for Linux kernel before 2.2.19, which could result in a denial of service (hang).

Recommendations As a temporary workaround, consider disabling the vulnerable kernel-image packages until a patch is available. Restrict access to the vulnerable mount, losetup, and nfs-utils packages to minimize the risk of exploitation. Avoid using the vulnerable kernel-image packages in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.