Red Hat Bugzilla – Bug 451271
CVE-2008-2729 kernel: [x86_64] The string instruction version didn't zero the output on exception.
Last modified: 2010-12-23 14:06:40 EST
Description of problem:
Andi Kleen has provided an upstream fix for the following x86_64 arch
- Don't zero for __copy_from_user_inatomic following i386.
This will prevent spurious zeros for parallel file system writers when
one does an exception
- The string instruction version didn't zero the output on
Version-Release number of selected component (if applicable):
All Linux kernel versions prior to 2.6.19
The possibility of potentially sensitive data leak.
No sensitive data leak.
Link to upstream commit:
This issue was discovered by Cai Qian in RH in the process of RHSA-2008:0508 kernel
This was addressed via:
Red Hat Enterprise Linux version 4 (RHSA-2008:0508)
Red Hat Enterprise Linux version 5 (RHSA-2008:0519)
MRG Realtime for RHEL 5 Server (RHSA-2008:0585)
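
The following is an added illustration, not code from the kernel or from the upstream fix: a userspace C model of why a user-to-kernel copy that faults part-way must zero the uncopied tail of the destination. The function names, the 0xAA fill pattern and the fault offset are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: 'ok' is how many source bytes are readable before the
 * simulated fault. Both variants return the number of bytes NOT copied,
 * the same convention copy_from_user() uses. */
static size_t model_copy_nozero(unsigned char *dst, const unsigned char *src,
                                size_t len, size_t ok)
{
    size_t n = ok < len ? ok : len;
    memcpy(dst, src, n);
    return len - n;               /* tail of dst keeps its previous contents */
}

static size_t model_copy_zeroing(unsigned char *dst, const unsigned char *src,
                                 size_t len, size_t ok)
{
    size_t n = ok < len ? ok : len;
    memcpy(dst, src, n);
    memset(dst + n, 0, len - n);  /* clear the uncopied tail on fault */
    return len - n;
}

/* Count stale bytes left in the destination tail after a faulting copy. */
size_t stale_bytes_after_fault(int zeroing)
{
    unsigned char kbuf[16];
    const unsigned char user[16] = "user-data";
    size_t i, left, stale = 0;

    memset(kbuf, 0xAA, sizeof kbuf);  /* stands in for old kernel data */
    left = zeroing ? model_copy_zeroing(kbuf, user, sizeof kbuf, 4)
                   : model_copy_nozero(kbuf, user, sizeof kbuf, 4);
    /* If a caller later exposes kbuf, these bytes are the leak. */
    for (i = sizeof kbuf - left; i < sizeof kbuf; i++)
        if (kbuf[i] == 0xAA)
            stale++;
    return stale;
}

int main(void)
{
    printf("stale bytes without zeroing: %zu\n", stale_bytes_after_fault(0));
    printf("stale bytes with zeroing:    %zu\n", stale_bytes_after_fault(1));
    return 0;
}
```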