CVE-2008-2729

2008-06-3022:41:00

CWE-200

[email protected]

web.nvd.nist.gov

linux

kernel

vulnerability

amd64

information security

cve-2008-2729

6.8 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

9.5%

JSON

arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt2.6.19

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	2.6.19

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=3022d734a54cbd2b65eea9a024564821101b4a9a%3Bhp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff

rhn.redhat.com/errata/RHSA-2008-0508.html

secunia.com/advisories/30849

secunia.com/advisories/30850

secunia.com/advisories/31107

secunia.com/advisories/31551

secunia.com/advisories/31628

www.debian.org/security/2008/dsa-1630

www.mandriva.com/security/advisories?name=MDVSA-2008:174

www.redhat.com/support/errata/RHSA-2008-0519.html

www.redhat.com/support/errata/RHSA-2008-0585.html

www.securityfocus.com/bid/29943

www.securitytracker.com/id?1020364