CVE-2008-3901
Published: 3 September 2008
Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
Notes
| Author | Note |
|---|---|
| jdstrand | requires root access to the machine which gives access to do anything anyway (unless restricting root access via SELinux, which Ubuntu does not) |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Ignored
(end of life, was needed)
|
|
| upstream |
Needs triage
|
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life, was needed)
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-source-2.6.20 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| feisty |
Ignored
(end of life, was needed)
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-source-2.6.22 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| feisty |
Does not exist
|
|
| gutsy |
Ignored
(end of life, was needed)
|
|
| hardy |
Does not exist
|
|
| upstream |
Needs triage
|