sys_get_thread_area does a copy_to_user on a partially unitialized structure,
which can leak a few random bits of information to userspace.
2.4 is not affected, however RHEL3 probably is due to linux-2.4.20-o1-nptl.patch
I've confirmed that there is a 3-byte + 1-bit info leak in RHEL3.
This is a silly bug, but it is trivial to fix.
It's unfortunate that such leaks in the past have been classed as security
issues - it's not like you can particularly influence what you get or even know
the context of what you got. I've not applied for a CVE name for this issue and
do not intend to do so for such a trivial issue of minor risk.
Patch posted for review on 6-Oct-2005.
A fix for this problem has just been committed to the RHEL3 U7
patch pool this evening (in kernel version 2.4.21-37.5.EL).
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.