451271 – (CVE-2008-2729) CVE-2008-2729 kernel: [x86_64] The string instruction version didn't zero the output on exception.

Bug 451271 (CVE-2008-2729) - CVE-2008-2729 kernel: [x86_64] The string instruction version didn't zero the output on exception.

Summary: CVE-2008-2729 kernel: [x86_64] The string instruction version didn't zero th...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2008-2729
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	451272 451273 451274 451275 451276 453137
Blocks:
TreeView+	depends on / blocked

Reported:	2008-06-13 17:25 UTC by Jan Lieskovsky
Modified:	2019-09-29 12:24 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-12-23 19:06:40 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2008:0508	normal	SHIPPED_LIVE	Important: kernel security and bug fix update	2008-06-25 15:18:03 UTC
Red Hat Product Errata	RHSA-2008:0519	normal	SHIPPED_LIVE	Important: kernel security and bug fix update	2008-06-25 15:47:49 UTC
Red Hat Product Errata	RHSA-2008:0585	normal	SHIPPED_LIVE	Important: kernel security and bug fix update	2008-08-26 19:56:57 UTC

Description Jan Lieskovsky 2008-06-13 17:25:10 UTC

Description of problem:
=======================

Andi Kleen has provided upstream fix for the following x86_64 arch
related issue:

- Don't zero for __copy_from_user_inatomic following i386.
This will prevent spurious zeros for parallel file system writers when
one does a exception
- The string instruction version didn't zero the output on
exception. Oops.

Version-Release number of selected component (if applicable):
All Linux kernel version prior 2.6.19

How reproducible:
Always
  
Actual results:
The possibility of potentially sensitive data leak.

Expected results:
No sensitive data leak.

Additional info:

Link to upstream commit:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3022d734a54cbd2b65eea9a024564821101b4a9a;hp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff

This issue discovered by Cai Qian in RH in process of RHSA-2008:0508 kernel
QA testing.

Comment 13 Vincent Danen 2010-12-23 19:06:40 UTC

This was addressed via:

Red Hat Enterprise Linux version 4 (RHSA-2008:0508)
Red Hat Enterprise Linux version 5 (RHSA-2008:0519)
MRG Realtime for RHEL 5 Server (RHSA-2008:0585)

Note You need to log in before you can comment on or make changes to this bug.