CVE-2004-0565
First published: Thu Jul 08 2004(Updated: )
Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mandrakesoft Mandrake Multi Network Firewall | =8.2 | |
| Trustix Secure Linux | =2.0 | |
| Mandriva Linux Corporate Server | =2.1 | |
| Mandrake Linux | =9.2 | |
| Trustix Secure Linux | =2 | |
| Linux kernel | =2.4.0 | |
| Mandrake Linux | =10.0 | |
| Trustix Secure Linux | =2.1 | |
| Mandrake Linux | =9.1 | |
| Gentoo Linux |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734
- http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.securityfocus.com/bid/10687
- http://secunia.com/advisories/20162
- http://secunia.com/advisories/20163
- http://www.redhat.com/support/errata/RHSA-2004-504.html
- http://secunia.com/advisories/20202
- http://www.debian.org/security/2006/dsa-1082
- http://secunia.com/advisories/20338
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:066
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16644
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10714
Frequently Asked Questions
What is the severity of CVE-2004-0565?
CVE-2004-0565 is considered a medium severity vulnerability due to the potential information leak that can be exploited by local users.
How do I fix CVE-2004-0565?
To fix CVE-2004-0565, users should update their affected Linux kernel and apply the latest security patches provided by their distribution.
Which versions of Linux are affected by CVE-2004-0565?
CVE-2004-0565 affects Linux kernel version 2.4.x and specific distributions including Mandrake Linux, Trustix Secure Linux, and others listed in the vulnerability details.
Can CVE-2004-0565 be exploited remotely?
CVE-2004-0565 cannot be exploited remotely as it requires local user access to the affected system.
What impact does CVE-2004-0565 have on system security?
CVE-2004-0565 allows local users to read sensitive floating point register values from other processes, potentially exposing private data.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mandrakesoft
- canonical/mandrakesoft mandrake multi network firewall
- version/mandrakesoft mandrake multi network firewall/8.2
- vendor/trustix
- canonical/trustix secure linux
- version/trustix secure linux/2.0
- canonical/mandriva linux corporate server
- version/mandriva linux corporate server/2.1
- canonical/mandrake linux
- version/mandrake linux/9.2
- version/trustix secure linux/2
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.4.0
- version/mandrake linux/10.0
- version/trustix secure linux/2.1
- version/mandrake linux/9.1
- vendor/gentoo
- canonical/gentoo linux