Bug 124734 - CAN-2004-0565 Information leak on Linux/ia64
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel
Hardware: ia64 Linux
Priority: medium
Severity: medium
Assigned To: Jason Baron
Keywords: Security
Reported: 2004-05-28 17:46 EDT by Arun Sharma
Modified: 2013-03-06 00:57 EST
Doc Type: Bug Fix
Last Closed: 2004-12-23 15:47:59 EST

Attachments
Lazy FP leak fix (1.02 KB, patch), 2004-05-28 17:47 EDT, Arun Sharma
secret.c (802 bytes, text/plain), 2004-05-28 17:47 EDT, Arun Sharma
check.c (354 bytes, text/plain), 2004-05-28 17:48 EDT, Arun Sharma

External Trackers
Red Hat Product Errata RHSA-2004:689 (priority: normal, status: SHIPPED_LIVE), "Important: kernel security update", last updated 2004-12-23 00:00:00 EST

Description Arun Sharma 2004-05-28 17:46:45 EDT
Description of problem:

Linux 2.4.x and the SLES9/ia64 kernels have a floating point leak.
This is because the context switch code checks just the psr.mfh bit
and doesn't look at who the FPH owner is.

This allows a malicious program to set the MFH bit and look at the
registers of another possibly sensitive process.

Version-Release number of selected component (if applicable):


How reproducible:

Run N (= number of cpus) copies of the program secret and one copy of
the program check.
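
The flaw described above, as a simplified single-CPU model in C. This is an added example, not code from the report, its attachments or the kernel; the struct and function names and the 4-register bank are assumptions. It shows that a task which only sets its mfh flag gets the previous owner's registers copied into its own save area unless the switch path also checks ownership.

```c
#include <string.h>
/* Simplified single-CPU model; all names and the 4-register bank are assumptions. */
#define NFPH 4
struct task {
    int mfh;                 /* models psr.mfh, which user code can set */
    int fph_valid;           /* save area holds state to reload on next FP use */
    double fph_save[NFPH];   /* per-task save area for the high FP registers */
};
struct cpu {
    double fph[NFPH];        /* physical high FP registers */
    struct task *owner;      /* task whose state is live in fph */
};

/* Switch away from prev. check_owner == 0 tests mfh alone (the reported
   behaviour); check_owner == 1 also requires prev to own the registers. */
static void switch_from(struct cpu *c, struct task *prev, int check_owner)
{
    if (prev->mfh && (!check_owner || c->owner == prev)) {
        memcpy(prev->fph_save, c->fph, sizeof c->fph);
        prev->fph_valid = 1;
    }
    prev->mfh = 0;
}

/* First FP access by t after a switch: reload its saved state, or zeros. */
static void first_fp_use(struct cpu *c, struct task *t)
{
    if (c->owner == t)
        return;
    memset(c->fph, 0, sizeof c->fph);
    if (t->fph_valid)
        memcpy(c->fph, t->fph_save, sizeof c->fph);
    c->owner = t;
}

/* Returns what a second task reads from fph[0] after the first task ran. */
static double scenario(int check_owner)
{
    struct cpu c = {0};
    struct task victim = {0}, observer = {0};
    first_fp_use(&c, &victim);
    c.fph[0] = 1234.5;                 /* constructed sample value */
    victim.mfh = 1;                    /* set because victim wrote fph */
    switch_from(&c, &victim, check_owner);
    observer.mfh = 1;                  /* set without owning fph */
    switch_from(&c, &observer, check_owner);
    first_fp_use(&c, &observer);
    return c.fph[0];
}
```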
Comment 1 Arun Sharma 2004-05-28 17:47:32 EDT
Created attachment 100687
Lazy FP leak fix

This patch fixes the issue.
Comment 2 Arun Sharma 2004-05-28 17:47:52 EDT
Created attachment 100688
Comment 3 Arun Sharma 2004-05-28 17:48:15 EDT
Created attachment 100689
Comment 5 Josh Bressers 2004-06-18 11:15:52 EDT
*** Bug 126126 has been marked as a duplicate of this bug. ***
Comment 7 Ernie Petrides 2004-12-20 18:44:49 EST
A fix for this problem has just been committed to the RHEL3 E5
patch pool this evening (in kernel version 2.4.21-27.0.1.EL).
Comment 8 Ernie Petrides 2004-12-22 16:57:39 EST
A fix for this problem has also been committed to the RHEL3 U5
patch pool this evening (in kernel version 2.4.21-27.4.EL).
Comment 9 Josh Bressers 2004-12-23 15:47:59 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

