Bug 451271 - (CVE-2008-2729) CVE-2008-2729 kernel: [x86_64] The string instruction version didn't zero the output on exception.
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All, OS: Linux
Priority: high, Severity: high
Assigned To: Red Hat Product Security
Keywords: Security
Depends On: 451272 451273 451274 451275 451276 453137
Reported: 2008-06-13 13:25 EDT by Jan Lieskovsky
Modified: 2010-12-23 14:06 EST
Doc Type: Bug Fix
Last Closed: 2010-12-23 14:06:40 EST

Description Jan Lieskovsky 2008-06-13 13:25:10 EDT
Description of problem:

Andi Kleen has provided an upstream fix for the following x86_64 arch
related issue:

- Don't zero for __copy_from_user_inatomic following i386.
This will prevent spurious zeros for parallel file system writers when
one does an exception
- The string instruction version didn't zero the output on
exception. Oops.

Version-Release number of selected component (if applicable):
All Linux kernel versions prior to 2.6.19

How reproducible:
Actual results:
The possibility of potentially sensitive data leak.

Expected results:
No sensitive data leak.

Additional info:

Link to upstream commit:


This issue was discovered by Cai Qian in RH in the process of RHSA-2008:0508 kernel
QA testing.
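
A user-space C model of the second item in the description (output not zeroed on exception), added here as an illustration; it is not code from the kernel or from the upstream commit. The helper names, the `STALE` marker and the fault offset are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define STALE 0xAA  /* constructed marker standing in for leftover kernel data */

/*
 * Model of a faulting copy (hypothetical helper, not kernel code).
 * The "user" source becomes unreadable at offset fault_at.
 * Returns the number of bytes NOT copied, as copy_from_user() does.
 * zero_tail selects the fixed behaviour: clear the uncopied rest of dst.
 */
static size_t model_copy_from_user(unsigned char *dst, const unsigned char *src,
                                   size_t n, size_t fault_at, int zero_tail)
{
    size_t done = fault_at < n ? fault_at : n;
    memcpy(dst, src, done);
    if (done < n && zero_tail)
        memset(dst + done, 0, n - done);
    return n - done;
}

/* Count bytes in buf[0..n) that still hold the stale marker. */
static size_t stale_bytes(const unsigned char *buf, size_t n)
{
    size_t i, count = 0;
    for (i = 0; i < n; i++)
        if (buf[i] == STALE)
            count++;
    return count;
}

/* One faulting copy into a reused buffer whose caller ignores the return
 * value; reports how many stale bytes survive in the destination. */
static size_t leak_after_fault(int zero_tail)
{
    unsigned char src[16], dst[16];
    memset(src, 'u', sizeof src);      /* constructed "user" payload */
    memset(dst, STALE, sizeof dst);    /* destination reused without clearing */
    model_copy_from_user(dst, src, sizeof dst, 6, zero_tail);
    return stale_bytes(dst, sizeof dst);
}

int main(void)
{
    printf("stale bytes, no tail zeroing: %zu\n", leak_after_fault(0));
    printf("stale bytes, tail zeroed:     %zu\n", leak_after_fault(1));
    return 0;
}
```

Without tail zeroing, everything past the fault offset keeps its previous contents, which is the data-leak condition the report describes for callers that later expose the buffer.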
Comment 13 Vincent Danen 2010-12-23 14:06:40 EST
This was addressed via:

Red Hat Enterprise Linux version 4 (RHSA-2008:0508)
Red Hat Enterprise Linux version 5 (RHSA-2008:0519)
MRG Realtime for RHEL 5 Server (RHSA-2008:0585)
