Bug 66535

Summary: CVE-2002-1571 kernel leaks register information to other processes
Product: Red Hat Enterprise Linux 2.1 Reporter: Arjan van de Ven <arjanv>
Component: kernelAssignee: Larry Woodman <lwoodman>
Status: CLOSED ERRATA QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.1Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard: impact=moderate,source=lkml,reported=20020417,public=20020417
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-07-18 14:00:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 66521    
Bug Blocks:    

Description Arjan van de Ven 2002-06-11 20:49:52 UTC
The AS kernel leaks the contents of the XMM registers (Screaming Sindy) to other
processes as it fails to zero them on process start and during ptrace. Since
those registers are mostly used by crypto programs this security leak can be
rather senstive. Patch available for 2.4.18; will apply to 2.4.9 with minimal
changes

Comment 1 Larry Woodman 2002-08-05 16:17:47 UTC
Fixed in AS2.1 errata kernel-2.4.9-e.8, released on 7/29.

Larry Woodman