{
  "threat_severity" : "Important",
  "public_date" : "2010-09-15T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: IA32 System Call Entry Point Vulnerability",
    "id" : "634449",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=634449"
  },
  "cvss" : {
    "cvss_base_score" : "7.2",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-681->CWE-119",
  "details" : [ "The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register.  NOTE: this vulnerability exists because of a CVE-2007-4573 regression." ],
  "statement" : "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG, as they do not contain the upstream commit d4d67150 that introduced this flaw.\nMore information can be found in this kbase: https://access.redhat.com/kb/docs/DOC-40330",
  "acknowledgement" : "Red Hat would like to thank Ben Hawkes for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2010-11-10T00:00:00Z",
    "advisory" : "RHSA-2010:0842",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-71.7.1.el6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-3301\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-3301" ],
  "name" : "CVE-2010-3301",
  "csaw" : false
}