[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-2729Date: (C)2008-06-30   (M)2023-12-22


arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.9
Exploit Score: 3.9
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1020364
BID-29943
SECUNIA-30849
SECUNIA-30850
SECUNIA-31107
SECUNIA-31551
SECUNIA-31628
DSA-1630
MDVSA-2008:174
RHSA-2008:0508
RHSA-2008:0519
RHSA-2008:0585
USN-625-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=3022d734a54cbd2b65eea9a024564821101b4a9a%3Bhp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff
https://bugzilla.redhat.com/show_bug.cgi?id=451271
linux-kernel-destination-info-disclosure(43558)
oval:org.mitre.oval:def:11571

CPE    1
cpe:/o:linux:linux_kernel
CWE    1
CWE-200
OVAL    1
oval:org.mitre.oval:def:8183

© SecPod Technologies