CVE-2008-3901: Infoleak
First published: Wed Sep 03 2008(Updated: )
Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | =2.6.16 | |
| Suspend2 Software Suspend 2 | =2-2.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2008-3901?
CVE-2008-3901 is classified as a medium severity vulnerability due to its potential exposure of sensitive information.
How do I fix CVE-2008-3901?
To mitigate CVE-2008-3901, consider upgrading to a newer version of the Linux kernel or Suspend2 Software Suspend that addresses this vulnerability.
Who is affected by CVE-2008-3901?
CVE-2008-3901 affects users of the Suspend2 Software Suspend version 2-2.2.1 using Linux kernel version 2.6.16.
What kind of data is exposed in CVE-2008-3901?
CVE-2008-3901 potentially exposes pre-boot authentication passwords stored in the BIOS Keyboard buffer.
Is CVE-2008-3901 a local or remote vulnerability?
CVE-2008-3901 is a local vulnerability, allowing local users to access sensitive information.
- collector/nvd-historical
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.16
- vendor/suspend2
- canonical/suspend2 software suspend 2
- version/suspend2 software suspend 2/2-2.2.1