PT-2006-1008 · Debian+2

Hugh Dickins · Published 2006-12-31 · Updated 2017-09-29 · CVE-2007-4133

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Debian GNU/Linux kernel-patch-openvz (affected versions not specified); Linux kernel versions prior to 2.6.19-rc4
Description: The issue concerns multiple vulnerabilities in the kernel-patch-openvz package of Debian GNU/Linux and in the Linux kernel, which a local attacker can exploit to compromise the confidentiality, integrity, and availability of protected information. The Linux kernel vulnerabilities are in the `hugetlb_vmtruncate_list` and `hugetlb_vmtruncate` functions in fs/hugetlbfs/inode.c, where certain calculations are performed in `HPAGE_SIZE` units instead of `PAGE_SIZE` units, allowing local users to cause a denial of service via unspecified vectors.
Recommendations: For Debian GNU/Linux kernel-patch-openvz, there is currently no information about a newer version that contains a fix for this vulnerability. For Linux kernel versions prior to 2.6.19-rc4, update to version 2.6.19-rc4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `hugetlb_vmtruncate_list` and `hugetlb_vmtruncate` functions to minimize the risk of exploitation.

Related identifiers

BDU:2015-02148
CVE-2007-4133
DSA-1381-2
DSA-1504-1
RHSA-2007:0940
RHSA-2007_0940

Affected products

Debian
Linux Kernel
Red Hat