Information disclosure

2008-06-3022:41:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

8.4%

JSON

arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.

CPENameOperatorVersion
linux_kernellt2.6.19

CPE	Name	Operator	Version
	linux_kernel	lt	2.6.19

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=3022d734a54cbd2b65eea9a024564821101b4a9a%3Bhp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff

rhn.redhat.com/errata/RHSA-2008-0508.html

secunia.com/advisories/30849

secunia.com/advisories/30850

secunia.com/advisories/31107

secunia.com/advisories/31551

secunia.com/advisories/31628

www.debian.org/security/2008/dsa-1630

www.mandriva.com/security/advisories?name=MDVSA-2008:174

www.redhat.com/support/errata/RHSA-2008-0519.html

www.redhat.com/support/errata/RHSA-2008-0585.html

www.securityfocus.com/bid/29943

www.securitytracker.com/id?1020364