CVE-2008-2729

Priority
Low
Description
arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64
systems does not erase destination memory locations after an exception
during kernel memory copy, which allows local users to obtain sensitive
information.
Ubuntu-Description
The copy_to_user routine in the kernel did not correctly clear memory
destination addresses when running on 64bit kernels. A local attacker
could exploit this to gain access to sensitive kernel memory, leading
to a loss of privacy.
References
Notes
kees> backported to Dapper
Package
Upstream:not-affected
Ubuntu 8.04 LTS (Hardy Heron):DNE
Package
Upstream:needed
Ubuntu 8.04 LTS (Hardy Heron):DNE
Package
Upstream:not-affected
Ubuntu 8.04 LTS (Hardy Heron):DNE
Package
Upstream:not-affected
Ubuntu 8.04 LTS (Hardy Heron):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:not-affected
Ubuntu 8.04 LTS (Hardy Heron):not-affected
Patches:
Upstream:3022d734a54cbd2b65eea9a024564821101b4a9a
Vendor:ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-67.0.20.EL.src.rpm:SOURCES/linux-2.6.9-x86_64-copy_user-zero-tail.patch
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:18:52 UTC (commit 5347)