CVE - CVE-2006-1056

CVE-ID
CVE-2006-1056	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1015966 URL:http://securitytracker.com/id?1015966 MISC:17600 URL:http://www.securityfocus.com/bid/17600 MISC:19715 URL:http://secunia.com/advisories/19715 MISC:19724 URL:http://secunia.com/advisories/19724 MISC:19735 URL:http://secunia.com/advisories/19735 MISC:20060419 FreeBSD Security Advisory FreeBSD-SA-06:14.fpu URL:http://www.securityfocus.com/archive/1/431341 MISC:20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1 URL:http://www.securityfocus.com/archive/1/451419/100/200/threaded MISC:20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 URL:http://www.securityfocus.com/archive/1/451404/100/0/threaded MISC:20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 URL:http://www.securityfocus.com/archive/1/451417/100/200/threaded MISC:20061113 VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue URL:http://www.securityfocus.com/archive/1/451421/100/0/threaded MISC:20398 URL:http://secunia.com/advisories/20398 MISC:20671 URL:http://secunia.com/advisories/20671 MISC:20716 URL:http://secunia.com/advisories/20716 MISC:20914 URL:http://secunia.com/advisories/20914 MISC:21035 URL:http://secunia.com/advisories/21035 MISC:21136 URL:http://secunia.com/advisories/21136 MISC:21465 URL:http://secunia.com/advisories/21465 MISC:21983 URL:http://secunia.com/advisories/21983 MISC:22417 URL:http://secunia.com/advisories/22417 MISC:22875 URL:http://secunia.com/advisories/22875 MISC:22876 URL:http://secunia.com/advisories/22876 MISC:24746 URL:~~http://www.osvdb.org/24746~~ (Obsolete source) MISC:24807 URL:~~http://www.osvdb.org/24807~~ (Obsolete source) MISC:ADV-2006-1426 URL:~~http://www.vupen.com/english/advisories/2006/1426~~ (Obsolete source) MISC:ADV-2006-1475 URL:~~http://www.vupen.com/english/advisories/2006/1475~~ (Obsolete source) MISC:ADV-2006-2554 URL:~~http://www.vupen.com/english/advisories/2006/2554~~ (Obsolete source) MISC:ADV-2006-4353 URL:~~http://www.vupen.com/english/advisories/2006/4353~~ (Obsolete source) MISC:ADV-2006-4502 URL:~~http://www.vupen.com/english/advisories/2006/4502~~ (Obsolete source) MISC:DSA-1097 URL:http://www.debian.org/security/2006/dsa-1097 MISC:DSA-1103 URL:http://www.debian.org/security/2006/dsa-1103 MISC:FEDORA-2006-423 URL:http://lwn.net/Alerts/180820/ MISC:FreeBSD-SA-06:14 URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:14.fpu.asc MISC:RHSA-2006:0437 URL:http://www.redhat.com/support/errata/RHSA-2006-0437.html MISC:RHSA-2006:0575 URL:http://www.redhat.com/support/errata/RHSA-2006-0575.html MISC:RHSA-2006:0579 URL:http://www.redhat.com/support/errata/RHSA-2006-0579.html MISC:SUSE-SA:2006:028 URL:http://www.novell.com/linux/security/advisories/2006-05-31.html MISC:SUSE-SU-2014:0446 URL:http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html MISC:USN-302-1 URL:http://www.ubuntu.com/usn/usn-302-1 MISC:[linux-kernel] 20060419 RE: Linux 2.6.16.9 URL:http://marc.info/?l=linux-kernel&m=114548768214478&w=2 MISC:amd-fpu-information-disclosure(25871) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/25871 MISC:http://kb.vmware.com/kb/2533126 URL:http://kb.vmware.com/kb/2533126 MISC:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9 URL:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9 MISC:http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt URL:http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm MISC:http://www.vmware.com/download/esx/esx-213-200610-patch.html URL:http://www.vmware.com/download/esx/esx-213-200610-patch.html MISC:http://www.vmware.com/download/esx/esx-254-200610-patch.html URL:http://www.vmware.com/download/esx/esx-254-200610-patch.html MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910 URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910 MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911 URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911 MISC:oval:org.mitre.oval:def:9995 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9995
Assigning CNA
Red Hat, Inc.
Date Record Created
20060307	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060307)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)