The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | * | 2.6.28.7 (including) |
| MRG for RHEL-5 | RedHat | kernel-rt-0:2.6.24.7-111.el5rt | * |
| Red Hat Enterprise Linux 4 | RedHat | kernel-0:2.6.9-78.0.22.EL | * |
| Red Hat Enterprise Linux 5 | RedHat | kernel-0:2.6.18-128.1.10.el5 | * |
| Red Hat Enterprise Linux 5.2 Z Stream | RedHat | kernel-0:2.6.18-92.1.35.el5 | * |
| Linux | Ubuntu | hardy | * |
| Linux | Ubuntu | intrepid | * |
| Linux-source-2.6.15 | Ubuntu | dapper | * |
| Linux-source-2.6.22 | Ubuntu | gutsy | * |