Bug 189344
Summary: | CVE-2006-1056 FPU Information leak on i386/x86-64 on AMD CPUs | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 2.1 | Reporter: | Marcel Holtmann <holtmann> |
Component: | kernel | Assignee: | Don Howard <dhoward> |
Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 2.1 | CC: | security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | impact=important,source=vendorsec,reported=20060404,embargo=20060419,public=20060419 | ||
Fixed In Version: | RHSA-2006-0579 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-07-13 11:46:21 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 143573 |
Description
Marcel Holtmann
2006-04-19 12:05:38 UTC
Response from AMD: http://marc.theaimsgroup.com/?l=linux-kernel&m=114548768214478&w=2 The patch introduced a bug in FP exception handling: http://marc.theaimsgroup.com/?l=linux-kernel&m=114633448824132&w=2 It doesn't look like this applies to pensacola (or rhel3/4) - the exception status test we adopted internally was done in c, rather than assembly (and is more readable than the upstream patch, imho): - "bt $7,%[fsw] ; jc 1f ; fnclex\n1:", + "bt $7,%[fsw] ; jnc 1f ; fnclex\n1:", pensacola: if (tsk->thread.i387.fxsave.swd & (1<<7)) asm volatile("fnclex"); verifying via code inspection as there doesn't appear to be a reproducer. Change noted in comment 3 is in arch/i386/kernel/i387.c (line 75) An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0579.html |