CVE-2009-2910

2009-10-2017:30:00

CWE-200

[email protected]

web.nvd.nist.gov

linux

kernel

x86

security

64-bit mode

vulnerability

5.3 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.3%

JSON

arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt2.6.31.4
suse:linux_enterprise_serversuse linux enterprise servereq9
opensuse:opensuseopensuseeq11.0
suse:linux_enterprise_serversuse linux enterprise servereq10
suse:linux_enterprise_desktopsuse linux enterprise desktopeq10
suse:linux_enterprise_software_development_kitsuse linux enterprise software development kiteq10
suse:linux_enterprise_debuginfosuse linux enterprise debuginfoeq10
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.10

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	2.6.31.4
suse:linux_enterprise_server	suse linux enterprise server	eq	9
opensuse:opensuse	opensuse	eq	11.0
suse:linux_enterprise_server	suse linux enterprise server	eq	10
suse:linux_enterprise_desktop	suse linux enterprise desktop	eq	10
suse:linux_enterprise_software_development_kit	suse linux enterprise software development kit	eq	10
suse:linux_enterprise_debuginfo	suse linux enterprise debuginfo	eq	10
canonical:ubuntu_linux	canonical ubuntu linux	eq	9.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	9.10