Your submission was sent successfully! Close

CVE-2008-0598

Published: 30 June 2008

Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary.

From the Ubuntu security team

Tavis Ormandy discovered that the ia32 emulation under 64bit kernels did not fully clear uninitialized data. A local attacker could read private kernel memory, leading to a loss of privacy.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.24)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream Needed

linux-source-2.6.17
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

linux-source-2.6.20
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

linux-source-2.6.22
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Notes

AuthorNote
kees
needs http://lkml.org/lkml/diff/2008/6/25/157/1
maybe linux-2.6: 64649a58919e66ec21792dbb6c48cb3da22cbd7f

References