PT-2006-7579 · Suse+2 · Suse Linux Enterprise+3
Published: 1970-01-01 · Updated: 2018-10-19 · CVE-2007-2875
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
openSUSE versions prior to 2.6.20.13
openSUSE versions prior to 2.6.21.4
SUSE Linux Enterprise (affected versions not specified)
Linux kernel versions prior to 2.6.20.13
Linux kernel versions prior to 2.6.21.4
Description
The issue is related to multiple vulnerabilities in various packages of the openSUSE and SUSE Linux Enterprise operating systems, which can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The vulnerabilities are found in packages such as multipath-tools, k athlon, k debug, k page-64k, open-iscsi, kernel-xen-nongpl, km nss, k numa, k smp, k psmp, kernel-iseries64-tools, kernel-default-nongpl, kernel-update-tool, kernel-smp-nongpl, k deflt, Intel-536ep, k itanium2, k itanium2-smp, kernel-um-nongpl, kernel-bigsmp-nongpl.

An integer underflow in the cpuset tasks read function in the Linux kernel before 2.6.20.13 and 2.6.21.x before 2.6.21.4 allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.
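An added example, not code from this advisory or from the kernel source: a simplified user-space C model of the length clamp that an offset-based read handler performs, showing how an offset past the end of the buffer makes the subtraction underflow, next to a checked version. The buffer contents, function names and offset value are constructed for illustration, and the model uses unsigned `size_t` throughout as a simplifying assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the text buffer that backs the file. */
static const char TASKS[] = "101\n102\n103\n";
#define BUFSZ (sizeof(TASKS) - 1)

/* Flawed clamp: when pos > bufsz the subtraction wraps around, so the
 * length grows instead of shrinking. Only the length is computed here;
 * nothing is copied. */
size_t flawed_len(size_t bufsz, size_t pos, size_t nbytes)
{
    if (pos + nbytes > bufsz)
        nbytes = bufsz - pos;           /* wraps when pos > bufsz */
    return nbytes;
}

/* Checked read: reject offsets at or past the end before subtracting. */
size_t checked_read(char *dst, size_t nbytes, size_t pos)
{
    if (pos >= BUFSZ)
        return 0;                       /* end of data, nothing to copy */
    if (nbytes > BUFSZ - pos)           /* cannot wrap: pos < BUFSZ */
        nbytes = BUFSZ - pos;
    memcpy(dst, TASKS + pos, nbytes);
    return nbytes;
}

int main(void)
{
    char out[64];
    size_t big = (size_t)1 << 20;       /* constructed "large offset" */

    printf("flawed length at offset %zu: %zu (buffer holds %zu)\n",
           big, flawed_len(BUFSZ, big, sizeof(out)), (size_t)BUFSZ);
    printf("checked read at offset %zu: %zu bytes\n",
           big, checked_read(out, sizeof(out), big));
    printf("checked read at offset 4: %zu bytes\n",
           checked_read(out, sizeof(out), 4));
    return 0;
}
```

The flawed clamp returns a length far larger than the buffer for the out-of-range offset, while the checked version returns 0 there and clamps normally for in-range offsets.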
Recommendations
For openSUSE versions prior to 2.6.20.13, update to version 2.6.20.13 or later.
For openSUSE versions prior to 2.6.21.4, update to version 2.6.21.4 or later.
For SUSE Linux Enterprise, update to a version that contains the fix for this issue, as the exact affected versions are not specified.
For Linux kernel versions prior to 2.6.20.13, update to version 2.6.20.13 or later.
For Linux kernel versions prior to 2.6.21.4, update to version 2.6.21.4 or later.
As a temporary workaround, consider restricting access to the /dev/cpuset/tasks file to minimize the risk of exploitation.
Affected Products
Linux Kernel
Red Hat
SUSE Linux Enterprise
openSUSE