CVE-2009-2910: Infoleak
First published: Thu Oct 01 2009(Updated: )
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <2.6.31.4 | |
| SUSE Linux Enterprise Debuginfo | =10-sp2 | |
| openSUSE openSUSE | =11.0 | |
| SUSE Linux Enterprise Desktop | =10-sp2 | |
| SUSE Linux Enterprise Server | =9 | |
| SUSE Linux Enterprise Server | =10-sp2 | |
| SUSE Linux Enterprise Software Development Kit | =10-sp2 | |
| Canonical Ubuntu Linux | =6.06 | |
| Canonical Ubuntu Linux | =8.04 | |
| Canonical Ubuntu Linux | =8.10 | |
| Canonical Ubuntu Linux | =9.04 | |
| Canonical Ubuntu Linux | =9.10 | |
| Redhat Virtualization | =5 | |
| Redhat Enterprise Linux Desktop | =5.0 | |
| Redhat Enterprise Linux Eus | =5.4 | |
| Redhat Enterprise Linux Server | =5.0 | |
| Redhat Enterprise Linux Workstation | =5.0 | |
| Fedoraproject Fedora | =10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=363386&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=363386&action=edit
- http://lkml.org/lkml/2009/10/1/164
- http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=24e35800cdc4350fc34e2bed37b
- http://admin.fedoraproject.org/updates/kernel-2.6.27.37-170.2.104.fc10
- http://admin.fedoraproject.org/updates/kernel-2.6.30.9-90.fc11
- https://rhn.redhat.com/errata/RHSA-2009-1540.html
- https://rhn.redhat.com/errata/RHSA-2009-1671.html
- https://rhn.redhat.com/errata/RHSA-2010-0046.html
- https://bugzilla.redhat.com/show_bug.cgi?id=526788
- http://git.kernel.org/?p=linux/kernel/git/x86/linux-2.6-tip.git%3Ba=commit%3Bh=24e35800cdc4350fc34e2bed37b608a9e13ab3b6
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
- http://marc.info/?l=oss-security&m=125442304214452&w=2
- http://marc.info/?l=oss-security&m=125444390112831&w=2
- http://marc.info/?l=oss-security&m=125511635004768&w=2
- http://secunia.com/advisories/36927
- http://secunia.com/advisories/37075
- http://secunia.com/advisories/37351
- http://support.avaya.com/css/P8/documents/100073666
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.4
- http://www.openwall.com/lists/oss-security/2009/10/02/1
- http://www.redhat.com/support/errata/RHSA-2009-1671.html
- http://www.securityfocus.com/bid/36576
- http://www.ubuntu.com/usn/usn-864-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10823
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7359
- https://rhn.redhat.com/errata/RHSA-2010-0095.html
- https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00483.html
- agent/references
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-2910
- vendor/linux
- canonical/linux linux kernel
- vendor/suse
- canonical/suse linux enterprise debuginfo
- version/suse linux enterprise debuginfo/10-sp2
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/11.0
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/10-sp2
- canonical/suse linux enterprise server
- version/suse linux enterprise server/9
- version/suse linux enterprise server/10-sp2
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/10-sp2
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/6.06
- version/canonical ubuntu linux/8.04
- version/canonical ubuntu linux/8.10
- version/canonical ubuntu linux/9.04
- version/canonical ubuntu linux/9.10
- vendor/redhat
- canonical/redhat virtualization
- version/redhat virtualization/5
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/5.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/5.4
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/5.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/5.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/10