Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mandrake_multi_network_firewall | Mandrakesoft | 8.2 (including) | 8.2 (including) |
| Red Hat Enterprise Linux 3 | RedHat | kernel-0:2.4.21-27.0.1.EL | * |
| Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
| Red Hat Linux Advanced Workstation 2.1 | RedHat | * | |
| Kernel-source-2.4.27 | Ubuntu | dapper | * |
| Kernel-source-2.4.27 | Ubuntu | edgy | * |
References
- http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html
- http://secunia.com/advisories/20162
- http://secunia.com/advisories/20163
- http://secunia.com/advisories/20202
- http://secunia.com/advisories/20338
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1082
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:066
- http://www.redhat.com/support/errata/RHSA-2004-504.html
- http://www.securityfocus.com/bid/10687
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16644
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10714
- http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html
- http://secunia.com/advisories/20162
- http://secunia.com/advisories/20163
- http://secunia.com/advisories/20202
- http://secunia.com/advisories/20338
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1082
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:066
- http://www.redhat.com/support/errata/RHSA-2004-504.html
- http://www.securityfocus.com/bid/10687
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16644
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10714