Linux Kernel MFH Bit Information Disclosure

2004-05-28T05:46:00
ID OSVDB:7585
Type osvdb
Reporter Arun Sharma()
Modified 2004-05-28T05:46:00

Description

Vulnerability Description

The ia64 Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a floating point leak occurs, which will disclose the registers of other process information resulting in a loss of confidentiality.

Technical Description

The context switch code only checks the psr.mfh bit and does not look at who the own the FPH. This allows an attacker to set the MFH bit and look at the registers of another sensitive process.

Solution Description

Upgrade to version 2.4.26 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing applicable patches from your respective Linux vendor.

Short Description

The ia64 Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a floating point leak occurs, which will disclose the registers of other process information resulting in a loss of confidentiality.

References:

Vendor URL: http://www.kernel.org Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:20162 Secunia Advisory ID:12025 Secunia Advisory ID:11943 Secunia Advisory ID:12132 Secunia Advisory ID:20163 Secunia Advisory ID:13458 Secunia Advisory ID:20202 Secunia Advisory ID:20338 RedHat RHSA: RHSA-2004:689 RedHat RHSA: RHSA-2004:504 Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:066 Other Advisory URL: http://article.gmane.org/gmane.linux.gentoo.announce/398 Mail List Post: http://marc.theaimsgroup.com/?l=openwall-announce&m=108763826328168 ISS X-Force ID: 16644 CVE-2004-0565