What is CVE-2007-1388?

CVE-2007-1388 is a Medium severity Linux kernel vulnerability with a CVSS score of 4.4 out of 10. CVE-2007-1388 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2007-1388?

CVE-2007-1388 has a CVSS score of 4.4 out of 10, rated Medium severity. The vector string is AV:L/AC:M/Au:S/C:N/I:N/A:C.

Is there a patch available for CVE-2007-1388?

No patch is currently available for CVE-2007-1388. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2007-1388 actively exploited?

CVE-2007-1388 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2007-1388

Medium

The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference.

Package Linux Kernel

Published 2007-03-10

Last modified 2026-04-23

CVSS version 2.0

Patch available

Awaiting data

CVSS 2.0 score

4.4

out of 10

Medium

Attack Vector

Local

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

None

Integrity

None

Availability

Vector string

AV:L/AC:M/Au:S/C:N/I:N/A:C

Weakness type

CWE-399

CVE-2007-1388 is classified as CWE-399

See CWE-399 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2007-1388 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel.org
http://bugzilla.kernel.org/show_bug.cgi?id=8155
SUSE
http://lists.suse.com/archive/suse-security-announce/2007-May/0001.html
Secunia
http://secunia.com/advisories/24777

Vendor Advisory
Secunia
http://secunia.com/advisories/24901

Vendor Advisory
Secunia
http://secunia.com/advisories/25080

Vendor Advisory
Secunia
http://secunia.com/advisories/25099

Vendor Advisory
Secunia
http://secunia.com/advisories/25392

Vendor Advisory
Kernel.org
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.4
Mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:078
Red Hat
http://www.redhat.com/support/errata/RHSA-2007-0169.html
Securityfocus
http://www.securityfocus.com/bid/23142
Ubuntu Security
http://www.ubuntu.com/usn/usn-464-1
Vupen
http://www.vupen.com/english/advisories/2007/1122

Vendor Advisory
Issues
https://issues.rpath.com/browse/RPL-1154
Oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11509

Details

CVE ID CVE-2007-1388

Severity Medium

CVSS score 4.4 / 10

CVSS version 2.0

Published 2007-03-10

Modified 2026-04-23

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2007-1388?

CVE-2007-1388 is a Medium severity Linux kernel vulnerability with a CVSS score of 4.4 out of 10 . CVE-2007-1388 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2007-1388?

CVE-2007-1388 has a CVSS score of 4.4 out of 10, rated Medium severity (CVSS 2.0). The vector string is AV:L/AC:M/Au:S/C:N/I:N/A:C.
Is there a patch available for CVE-2007-1388?

No patch is currently available for CVE-2007-1388. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2007-1388 actively exploited?

No — CVE-2007-1388 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.