The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.
2009-03-06T11:30:02.627
2025-04-09T00:30:58.490
Deferred
CVSSv2: 3.6 (LOW)
AV:L/AC:L/Au:N/C:P/I:P/A:N
3.9
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | linux | linux_kernel | ≤ 2.6.28.7 | Yes |
| Operating System | debian | debian_linux | 4.0 | Yes |
| Operating System | debian | debian_linux | 5.0 | Yes |
| Operating System | canonical | ubuntu_linux | 7.10 | Yes |
| Operating System | canonical | ubuntu_linux | 8.04 | Yes |
| Operating System | canonical | ubuntu_linux | 8.10 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 4.0 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 5.0 | Yes |
| Operating System | redhat | enterprise_linux_eus | 4.7 | Yes |
| Operating System | redhat | enterprise_linux_eus | 5.3 | Yes |
| Operating System | redhat | enterprise_linux_server | 4.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 5.0 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 5.3 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 4.0 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 5.0 | Yes |
| Operating System | opensuse | opensuse | 10.3 | Yes |
| Operating System | opensuse | opensuse | 11.0 | Yes |
| Operating System | suse | linux_enterprise_desktop | 10 | Yes |
| Operating System | suse | linux_enterprise_server | 10 | Yes |
| Operating System | suse | linux_enterprise_software_development_kit | 10 | Yes |