Bug 66535 - CVE-2002-1571 kernel leaks register information to other processes
Summary: CVE-2002-1571 kernel leaks register information to other processes
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: kernel (Show other bugs)
(Show other bugs)
Version: 2.1
Hardware: i386 Linux
medium
medium
Target Milestone: ---
Assignee: Larry Woodman
QA Contact: Brian Brock
URL:
Whiteboard: impact=moderate,source=lkml,reported=...
Keywords: Security
Depends On: 66521
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-06-11 20:49 UTC by Arjan van de Ven
Modified: 2007-11-30 22:06 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-07-18 14:00:17 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2002:128 normal SHIPPED_LIVE Moderate: Updated kernel with information security fixes, bug fixes, and updated drivers 2002-06-25 04:00:00 UTC

Description Arjan van de Ven 2002-06-11 20:49:52 UTC
The AS kernel leaks the contents of the XMM registers (Screaming Sindy) to other
processes as it fails to zero them on process start and during ptrace. Since
those registers are mostly used by crypto programs this security leak can be
rather senstive. Patch available for 2.4.18; will apply to 2.4.9 with minimal
changes

Comment 1 Larry Woodman 2002-08-05 16:17:47 UTC
Fixed in AS2.1 errata kernel-2.4.9-e.8, released on 7/29.

Larry Woodman


Note You need to log in before you can comment on or make changes to this bug.