Vulnerability CVE-2008-2729


Published: 2008-06-30   Modified: 2012-02-12

Description:
arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.

Type: CWE-200 (Information Exposure)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:N/A:N)

CVSS Base Score: 4.9/10
Impact Subscore: 6.9/10
Exploitability Subscore: 3.9/10

Exploit range: Local
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: None
Availability impact: None

Affected software:
Red Hat -> Linux kernel

References:
https://bugzilla.redhat.com/show_bug.cgi?id=451271
http://xforce.iss.net/xforce/xfdb/43558
http://www.ubuntu.com/usn/usn-625-1
http://www.securitytracker.com/id?1020364
http://www.securityfocus.com/bid/29943
http://www.redhat.com/support/errata/RHSA-2008-0585.html
http://www.redhat.com/support/errata/RHSA-2008-0519.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:174
http://www.debian.org/security/2008/dsa-1630
http://secunia.com/advisories/31628
http://secunia.com/advisories/31551
http://secunia.com/advisories/31107
http://secunia.com/advisories/30850
http://secunia.com/advisories/30849
http://rhn.redhat.com/errata/RHSA-2008-0508.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11571
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3022d734a54cbd2b65eea9a024564821101b4a9a;hp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff

Copyright 2024, cxsecurity.com
