CVE - CVE-2009-1192

CVE-ID
CVE-2009-1192	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20090516 rPSA-2009-0084-1 kernel URL:http://www.securityfocus.com/archive/1/503610/100/0/threaded BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded MLIST:[oss-security] 20090422 CVE-2009-1192 kernel: agp: zero pages before sending to userspace URL:http://openwall.com/lists/oss-security/2009/04/22/2 CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=59de2bebabc5027f93df999d59cc65df591c3e6e CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc3 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=497020 CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2009-0084 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html DEBIAN:DSA-1787 URL:http://www.debian.org/security/2009/dsa-1787 DEBIAN:DSA-1794 URL:http://www.debian.org/security/2009/dsa-1794 DEBIAN:DSA-1800 URL:http://www.debian.org/security/2009/dsa-1800 MANDRIVA:MDVSA-2009:119 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:119 MANDRIVA:MDVSA-2009:135 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:135 REDHAT:RHSA-2009:1081 URL:http://www.redhat.com/support/errata/RHSA-2009-1081.html SUSE:SUSE-SA:2009:032 URL:http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html SUSE:SUSE-SA:2009:054 URL:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html SUSE:SUSE-SA:2009:056 URL:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html UBUNTU:USN-793-1 URL:http://www.ubuntu.com/usn/usn-793-1 BID:34673 URL:http://www.securityfocus.com/bid/34673 OVAL:oval:org.mitre.oval:def:10567 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10567 OVAL:oval:org.mitre.oval:def:8003 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8003 SECUNIA:34981 URL:http://secunia.com/advisories/34981 SECUNIA:35011 URL:http://secunia.com/advisories/35011 SECUNIA:35121 URL:http://secunia.com/advisories/35121 SECUNIA:35120 URL:http://secunia.com/advisories/35120 SECUNIA:35387 URL:http://secunia.com/advisories/35387 SECUNIA:37351 URL:http://secunia.com/advisories/37351 SECUNIA:37471 URL:http://secunia.com/advisories/37471 SECUNIA:35656 URL:http://secunia.com/advisories/35656 SECUNIA:35343 URL:http://secunia.com/advisories/35343 VUPEN:ADV-2009-3316 URL:http://www.vupen.com/english/advisories/2009/3316
Assigning CNA
N/A
Date Entry Created
20090331	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090331)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org