CVE-2008-2729
Published: 30 June 2008
arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.
From the Ubuntu Security Team
The copy_to_user routine in the kernel did not correctly clear memory destination addresses when running on 64bit kernels. A local attacker could exploit this to gain access to sensitive kernel memory, leading to a loss of privacy.
Notes
| Author | Note |
|---|---|
| kees | backported to Dapper |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.19~rc1)
|
| dapper |
Released
(2.6.15-52.69)
|
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
|
linux-source-2.6.17 Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.19~rc1)
|
| dapper |
Does not exist
|
|
| edgy |
Not vulnerable
|
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
|
linux-source-2.6.20 Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.19~rc1)
|
| dapper |
Does not exist
|
|
| edgy |
Does not exist
|
|
| feisty |
Not vulnerable
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
|
linux-source-2.6.22 Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.19~rc1)
|
| dapper |
Does not exist
|
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| gutsy |
Not vulnerable
|
|
| hardy |
Does not exist
|
|
|
linux Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.19~rc1)
|
| dapper |
Does not exist
|
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Not vulnerable
|
|
|
Patches: vendor: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-67.0.20.EL.src.rpm:SOURCES/linux-2.6.9-x86_64-copy_user-zero-tail.patch |
||