Bug 451271 (CVE-2008-2729) - CVE-2008-2729 kernel: [x86_64] The string instruction version didn't zero the output on exception.
Summary: CVE-2008-2729 kernel: [x86_64] The string instruction version didn't zero th...
Status: CLOSED ERRATA
Alias: CVE-2008-2729
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: reported=20080612,public=20060826,sou...
Keywords: Security
Depends On: 451272 451273 451274 451275 451276 453137
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-06-13 17:25 UTC by Jan Lieskovsky
Modified: 2019-06-08 12:31 UTC (History)
10 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2010-12-23 19:06:40 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0508 normal SHIPPED_LIVE Important: kernel security and bug fix update 2008-06-25 15:18:03 UTC
Red Hat Product Errata RHSA-2008:0519 normal SHIPPED_LIVE Important: kernel security and bug fix update 2008-06-25 15:47:49 UTC
Red Hat Product Errata RHSA-2008:0585 normal SHIPPED_LIVE Important: kernel security and bug fix update 2008-08-26 19:56:57 UTC

Description Jan Lieskovsky 2008-06-13 17:25:10 UTC
Description of problem:
=======================

Andi Kleen has provided upstream fix for the following x86_64 arch
related issue:

- Don't zero for __copy_from_user_inatomic following i386.
This will prevent spurious zeros for parallel file system writers when
one does a exception
- The string instruction version didn't zero the output on
exception. Oops.

Version-Release number of selected component (if applicable):
All Linux kernel version prior 2.6.19

How reproducible:
Always
  
Actual results:
The possibility of potentially sensitive data leak.

Expected results:
No sensitive data leak.

Additional info:

Link to upstream commit:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3022d734a54cbd2b65eea9a024564821101b4a9a;hp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff

This issue discovered by Cai Qian in RH in process of RHSA-2008:0508 kernel
QA testing.

Comment 13 Vincent Danen 2010-12-23 19:06:40 UTC
This was addressed via:

Red Hat Enterprise Linux version 4 (RHSA-2008:0508)
Red Hat Enterprise Linux version 5 (RHSA-2008:0519)
MRG Realtime for RHEL 5 Server (RHSA-2008:0585)


Note You need to log in before you can comment on or make changes to this bug.