Bug 124734 - CAN-2004-0565 Information leak on Linux/ia64
Summary: CAN-2004-0565 Information leak on Linux/ia64
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel
Version: 3.0
Hardware: ia64
OS: Linux
Target Milestone: ---
Assignee: Jason Baron
QA Contact:
Depends On:
Reported: 2004-05-28 21:46 UTC by Arun Sharma
Modified: 2013-03-06 05:57 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2004-12-23 20:47:59 UTC

Attachments
Lazy FP leak fix (1.02 KB, patch)
2004-05-28 21:47 UTC, Arun Sharma
secret.c (802 bytes, text/plain)
2004-05-28 21:47 UTC, Arun Sharma
check.c (354 bytes, text/plain)
2004-05-28 21:48 UTC, Arun Sharma

System | ID | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2004:689 | normal | SHIPPED_LIVE | Important: kernel security update | 2004-12-23 05:00:00 UTC

Description Arun Sharma 2004-05-28 21:46:45 UTC
Description of problem:

Linux 2.4.x and the SLES9/ia64 kernels have a floating point leak.
This is because the context switch code checks just the psr.mfh bit
and doesn't look at who the FPH owner is.

This allows a malicious program to set the MFH bit and look at the
registers of another possibly sensitive process.

Version-Release number of selected component (if applicable):


How reproducible:

Run N (= number of cpus) copies of the program secret and one copy of
the program check.
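
A simplified C model of the save decision described in the report above, added here as an illustration; it is not the attached patch or kernel code. The struct and function names are hypothetical, and the 42.0 value is constructed sample data.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define FPH_REGS 96                 /* f32..f127, the ia64 high FP partition */

/* Hypothetical model types, not the kernel's own structures. */
struct task {
    bool   psr_mfh;                 /* "modified fph" bit, settable by the task */
    double fph_save[FPH_REGS];      /* per-task save area, reloaded on next use */
};
struct cpu {
    struct task *fph_owner;         /* task whose values are live in fph[] */
    double       fph[FPH_REGS];     /* live register contents */
};

/* Before: trusts psr.mfh alone, so it can save another task's live values. */
static void switch_out_mfh_only(struct cpu *c, struct task *prev)
{
    if (prev->psr_mfh)
        memcpy(prev->fph_save, c->fph, sizeof c->fph);
    prev->psr_mfh = false;
}

/* After: saves only when prev is also the recorded owner of the registers. */
static void switch_out_owner_checked(struct cpu *c, struct task *prev)
{
    if (prev->psr_mfh && c->fph_owner == prev)
        memcpy(prev->fph_save, c->fph, sizeof c->fph);
    prev->psr_mfh = false;
}

/* Constructed scenario: `owner` holds 42.0 in f32; `other` never used fph but
 * has mfh set when switched out. Returns what lands in other's save area. */
static double leaked_value(void (*switch_out)(struct cpu *, struct task *))
{
    struct task owner = {0}, other = {0};
    struct cpu c = {0};
    c.fph_owner = &owner;
    c.fph[0] = 42.0;                /* constructed sample value */
    other.psr_mfh = true;
    switch_out(&c, &other);
    return other.fph_save[0];
}

int main(void)
{
    printf("mfh only: %.1f, owner checked: %.1f\n",
           leaked_value(switch_out_mfh_only), leaked_value(switch_out_owner_checked));
    return 0;
}
```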

Comment 1 Arun Sharma 2004-05-28 21:47:32 UTC
Created attachment 100687
Lazy FP leak fix

This patch fixes the issue.

Comment 2 Arun Sharma 2004-05-28 21:47:52 UTC
Created attachment 100688

Comment 3 Arun Sharma 2004-05-28 21:48:15 UTC
Created attachment 100689

Comment 5 Josh Bressers 2004-06-18 15:15:52 UTC
*** Bug 126126 has been marked as a duplicate of this bug. ***

Comment 7 Ernie Petrides 2004-12-20 23:44:49 UTC
A fix for this problem has just been committed to the RHEL3 E5
patch pool this evening (in kernel version 2.4.21-27.0.1.EL).

Comment 8 Ernie Petrides 2004-12-22 21:57:39 UTC
A fix for this problem has also been committed to the RHEL3 U5
patch pool this evening (in kernel version 2.4.21-27.4.EL).

Comment 9 Josh Bressers 2004-12-23 20:47:59 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

