blob: 2ee6da1ba57f937f4d449ff5bb224ed7ca9aa1fa (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
Candidate: CVE-2009-2910
Description:
32-bit processes running on an x86_64 machine can see uncleared content in registers
R8-R15.
References:
http://www.openwall.com/lists/oss-security/2009/10/01/2
Notes:
attackers can see all content passing thru these registers, so this may be somewhat
urgent since it may be possible to piece the info together to recover passwords or
other badness
Bugs:
upstream: released (2.6.31.4) [ee39c2f3e1e667314c018c9fd1e205c97e746bd2], released (2.6.32-rc4) [24e35800cdc4350fc34e2bed37b608a9e13ab3b6]
linux-2.6: released (2.6.31-1~experimental.2) [bugfix/all/stable/2.6.31.4.patch]
2.6.18-etch-security: ignored (EOL)
2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/x86-64-slightly-stream-line-32-bit-syscall-entry-code.patch, bugfix/don-t-leak-64-bit-kernel-register-values-to-32-bit-processes.patch]
2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/x86/x86-64-slightly-stream-line-32-bit-syscall-entry-code.patch, bugfix/x86/don-t-leak-64-bit-kernel-register-values-to-32-bit-processes.patch]
|