ID

VAR-200707-0307


CVE

CVE-2006-7215


TITLE

Intel Core 2 Extreme Processor X6800 Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2007-003163

DESCRIPTION

The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has unknown impact and attack vectors on certain operating systems other than OpenBSD, aka AI90. (A) There are vulnerabilities that are unspecified because they set the bits incorrectly.It may be affected unspecified. Intel Core 2 processors are prone to multiple local denial-of-service vulnerabilities. Attackers can exploit these issues to deny service to legitimate users. Intel CORE 2 is a very popular dual-core processor. Multiple denial of service vulnerabilities exist in CORE 2 processors: If the temperature reaches an invalid temperature, the CPU will not generate a Thermal interrupt even if the set threshold has been exceeded; during the execution of a series of REP store instructions, the store may be Attempts to allocate memory before completing the instruction, resulting in processor lockup and/or system hang; if one logical processor writes to a non-dirty page, another logical processor writes to the same non-dirty page or If the dirty bit is explicitly set in the page table entry of the core, the complex interaction of internal processor behavior can cause unpredictable system behavior and hang; if requesting data from Core 1 causes the L1 cache to be missed, the request will be sent to the L2 cache. If the request encounters a modified line in Core 2's L1 data cache, certain internal requests may cause incorrect data to be returned to Core 1. #PF code may be mishandled if: 1 PDE is modified without validating the relevant TLB entry 2 Code execution diverts to a different code page that satisfies both of the following conditions: * The target linear address is equal to the modified PDE * The PTE of the target linear address contains an explicit A (Accessed) bit 3 One of the following simultaneous exceptions occurs after code diversion: * #DB code and #PF code* Segmentation limit violation #GP code and #PF code software It can be seen that the #PF code is incorrectly processed before the segmentation fault destroys the #GP code, or the #PF code is processed instead of the #DB code

Trust: 1.98

sources: NVD: CVE-2006-7215 // JVNDB: JVNDB-2007-003163 // BID: 24702 // VULHUB: VHN-23323

AFFECTED PRODUCTS

vendor:intelmodel:core 2 duo e4000scope: - version: -

Trust: 1.4

vendor:intelmodel:core 2 duo e6000scope: - version: -

Trust: 1.4

vendor:intelmodel:core 2 extreme x6800scope: - version: -

Trust: 1.4

vendor:intelmodel:core 2 duo e6000scope:eqversion:*

Trust: 1.0

vendor:intelmodel:core 2 extreme x6800scope:eqversion:*

Trust: 1.0

vendor:intelmodel:core 2 duo e4000scope:eqversion:*

Trust: 1.0

vendor:intelmodel:corescope:eqversion:20

Trust: 0.3

sources: BID: 24702 // JVNDB: JVNDB-2007-003163 // CNNVD: CNNVD-200707-035 // NVD: CVE-2006-7215

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-7215
value: LOW

Trust: 1.0

NVD: CVE-2006-7215
value: LOW

Trust: 0.8

CNNVD: CNNVD-200707-035
value: LOW

Trust: 0.6

VULHUB: VHN-23323
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2006-7215
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-23323
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-23323 // JVNDB: JVNDB-2007-003163 // CNNVD: CNNVD-200707-035 // NVD: CVE-2006-7215

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-7215

THREAT TYPE

local

Trust: 0.9

sources: BID: 24702 // CNNVD: CNNVD-200707-035

TYPE

Design Error

Trust: 0.9

sources: BID: 24702 // CNNVD: CNNVD-200707-035

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-003163

PATCH

title:Top pageurl:http://www.intel.co.jp/

Trust: 0.8

sources: JVNDB: JVNDB-2007-003163

EXTERNAL IDS

db:NVDid:CVE-2006-7215

Trust: 2.8

db:BIDid:24702

Trust: 2.0

db:JVNDBid:JVNDB-2007-003163

Trust: 0.8

db:CNNVDid:CNNVD-200707-035

Trust: 0.7

db:MLISTid:[OPENBSD-MISC] 20070627 INTEL CORE 2

Trust: 0.6

db:FULLDISCid:20070628 RE: INTEL CORE 2 CPUS ARE BUGGY. PATCH YOUR CPUS :D

Trust: 0.6

db:VULHUBid:VHN-23323

Trust: 0.1

sources: VULHUB: VHN-23323 // BID: 24702 // JVNDB: JVNDB-2007-003163 // CNNVD: CNNVD-200707-035 // NVD: CVE-2006-7215

REFERENCES

url:http://download.intel.com/design/processor/specupdt/31327914.pdf

Trust: 2.0

url:http://www.matasano.com/log/894/theo-de-raadt-intel-core-2-bugs-assuredly-exploitable-from-userland/

Trust: 2.0

url:http://marc.info/?l=openbsd-misc&m=118296441702631&w=2

Trust: 1.9

url:http://www.securityfocus.com/bid/24702

Trust: 1.7

url:http://seclists.org/fulldisclosure/2007/jun/0605.html

Trust: 1.7

url:http://www.geek.com/images/geeknews/2006jan/core_duo_errata__2006_01_21__full.gif

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7215

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-7215

Trust: 0.8

url:http://www.intel.com/

Trust: 0.3

url:http://marc.info/?l=openbsd-misc&m=118296441702631&w=2

Trust: 0.1

sources: VULHUB: VHN-23323 // BID: 24702 // JVNDB: JVNDB-2007-003163 // CNNVD: CNNVD-200707-035 // NVD: CVE-2006-7215

CREDITS

Theo de Raadt※ deraadt@cvs.openbsd.org

Trust: 0.6

sources: CNNVD: CNNVD-200707-035

SOURCES

db:VULHUBid:VHN-23323
db:BIDid:24702
db:JVNDBid:JVNDB-2007-003163
db:CNNVDid:CNNVD-200707-035
db:NVDid:CVE-2006-7215

LAST UPDATE DATE

2025-04-10T23:09:44.395000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-23323date:2008-09-05T00:00:00
db:BIDid:24702date:2015-05-07T17:37:00
db:JVNDBid:JVNDB-2007-003163date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200707-035date:2007-07-25T00:00:00
db:NVDid:CVE-2006-7215date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:VULHUBid:VHN-23323date:2007-07-03T00:00:00
db:BIDid:24702date:2007-06-28T00:00:00
db:JVNDBid:JVNDB-2007-003163date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200707-035date:2007-06-28T00:00:00
db:NVDid:CVE-2006-7215date:2007-07-03T21:30:00