
Bug 187910

Summary: CVE-2006-1056 FPU Information leak on i386/x86-64 on AMD CPUs
Product: Red Hat Enterprise Linux 4
Reporter: Marcel Holtmann <holtmann>
Component: kernel
Assignee: Jim Paradis <jparadis>
Status: CLOSED ERRATA
QA Contact: Brian Brock <bbrock>
Severity: high
Priority: medium
Version: 4.0
CC: jbaron, peterm, security-response-team, vanhoof
Keywords: Security
Hardware: All
OS: Linux
Whiteboard: impact=important,source=vendorsec,reported=20060404,embargo=20060419,public=20060419
Fixed In Version: RHSA-2006-0575
Doc Type: Bug Fix
Last Closed: 2006-08-10 23:02:29 UTC
Bug Blocks: 181409
Attachments:
  Code to show the problem
  Patch from Jan Beulich to address the problem

Comment 7 Marcel Holtmann 2006-04-19 12:01:09 UTC
An information leak has been reported that affects the Linux kernel running on
certain AMD processors (CVE-2006-1056). This issue is due to the behavior of
FXSAVE and FXRSTOR instructions on AMD processors being different from the
behavior on Intel processors. The difference is documented in "AMD64 Architecture
Programmer's Manual Volume 5: 64-Bit Media and x87 Floating-Point Instructions
Rev 3.06". This difference was not widely known and therefore Linux kernels
assumed these instructions would have the same behavior as on Intel processors.

Under specific conditions this may allow a local user to observe the x87
exception pointers of another process. Although this is a minor information
leak, if the floating point unit is being used for a cryptographic algorithm
this could potentially leak some or all of key data.

According to AMD, this will affect processors with "AuthenticAMD" in the CPUID
vendor string. This includes the 7th generation (Family=06h) and 8th generation
(Family=0Fh) of AMD processors.

This issue has been rated as having important security severity and it affects
all Red Hat Enterprise Linux 2.1, 3, and 4 versions running on AMD processors of
the 7th and 8th generation.
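
Added example (not part of the bug report and not Red Hat's tooling): a shell check that applies the affected-set criterion from Comment 7, vendor string "AuthenticAMD" with family 06h or 0Fh, to /proc/cpuinfo-format text. The function names and the sample inputs are constructed for illustration; the family-15 Intel sample shows why the family number alone is not enough.

```shell
#!/bin/sh
# Added example: applies the criterion in Comment 7 (CPUID vendor "AuthenticAMD",
# family 06h or 0Fh) to /proc/cpuinfo-format text read from stdin.

# fpu_leak_cpu_status (hypothetical name): prints one line per logical CPU,
# "<n> affected" or "<n> not-affected".
fpu_leak_cpu_status() {
    awk -F: '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        function emit() {
            if (cpu == "") return
            hit = (vendor == "AuthenticAMD" && (family == 6 || family == 15))
            print cpu, (hit ? "affected" : "not-affected")
            cpu = ""; vendor = ""; family = ""
        }
        { key = trim($1); val = trim($2) }
        key == "processor"  { emit(); cpu = val }
        key == "vendor_id"  { vendor = val }
        key == "cpu family" { family = val + 0 }   # cpuinfo prints the family in decimal
        END { emit() }
    '
}

# fpu_leak_host_affected (hypothetical name): exit status 0 if any CPU matches.
fpu_leak_host_affected() {
    fpu_leak_cpu_status | grep -q ' affected$'
}

sample_k8() {   # constructed sample: two 8th-generation AMD CPUs (family 15 = 0Fh)
    cat <<'EOF'
processor   : 0
vendor_id   : AuthenticAMD
cpu family  : 15
processor   : 1
vendor_id   : AuthenticAMD
cpu family  : 15
EOF
}

sample_p4() {   # constructed sample: Intel CPU that also reports family 15
    cat <<'EOF'
processor   : 0
vendor_id   : GenuineIntel
cpu family  : 15
EOF
}

sample_k8 | fpu_leak_cpu_status
sample_p4 | fpu_leak_cpu_status
```

On a live host, `fpu_leak_host_affected < /proc/cpuinfo` gives the same answer for the running machine; a match only says the CPU is in the affected set, not whether the installed kernel carries the fix.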


Comment 9 Marcel Holtmann 2006-04-19 23:07:16 UTC
Response from AMD:

http://marc.theaimsgroup.com/?l=linux-kernel&m=114548768214478&w=2


Comment 10 Marcel Holtmann 2006-04-29 20:40:44 UTC
The patch introduced a bug in FP exception handling:

http://marc.theaimsgroup.com/?l=linux-kernel&m=114633448824132&w=2


Comment 12 Jason Baron 2006-06-23 18:10:54 UTC
committed in stream U4 build 39.2. A test kernel with this patch is available
from http://people.redhat.com/~jbaron/rhel

Comment 14 Mike Gahagan 2006-07-14 19:58:39 UTC
Patch is in -42.EL.


Comment 16 Red Hat Bugzilla 2006-08-10 23:02:29 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0575.html