CVE - CVE-2009-2910

CVE-ID
CVE-2009-2910	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:36576 URL:http://www.securityfocus.com/bid/36576 MISC:36927 URL:http://secunia.com/advisories/36927 MISC:37075 URL:http://secunia.com/advisories/37075 MISC:37351 URL:http://secunia.com/advisories/37351 MISC:FEDORA-2009-10525 URL:https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00483.html MISC:RHSA-2009:1540 URL:https://rhn.redhat.com/errata/RHSA-2009-1540.html MISC:RHSA-2009:1671 URL:http://www.redhat.com/support/errata/RHSA-2009-1671.html MISC:RHSA-2010:0046 URL:https://rhn.redhat.com/errata/RHSA-2010-0046.html MISC:RHSA-2010:0095 URL:https://rhn.redhat.com/errata/RHSA-2010-0095.html MISC:SUSE-SA:2009:054 URL:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html MISC:SUSE-SA:2009:056 URL:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html MISC:SUSE-SA:2010:012 URL:http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html MISC:USN-864-1 URL:http://www.ubuntu.com/usn/usn-864-1 MISC:[linux-kernel] 20091001 [tip:x86/urgent] x86: Don't leak 64-bit kernel register values to 32-bit processes URL:http://lkml.org/lkml/2009/10/1/164 MISC:[oss-security] 20091001 CVE Request (kernel) URL:http://marc.info/?l=oss-security&m=125442304214452&w=2 MISC:[oss-security] 20091001 Re: CVE Request (kernel) URL:http://www.openwall.com/lists/oss-security/2009/10/02/1 MISC:[oss-security] 20091002 Re: CVE Request (kernel) URL:http://marc.info/?l=oss-security&m=125444390112831&w=2 MISC:[oss-security] 20091009 Re: CVE Request (kernel) URL:http://marc.info/?l=oss-security&m=125511635004768&w=2 MISC:http://git.kernel.org/?p=linux/kernel/git/x86/linux-2.6-tip.git%3Ba=commit%3Bh=24e35800cdc4350fc34e2bed37b608a9e13ab3b6 URL:http://git.kernel.org/?p=linux/kernel/git/x86/linux-2.6-tip.git%3Ba=commit%3Bh=24e35800cdc4350fc34e2bed37b608a9e13ab3b6 MISC:http://support.avaya.com/css/P8/documents/100073666 URL:http://support.avaya.com/css/P8/documents/100073666 MISC:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.4 URL:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.4 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=526788 URL:https://bugzilla.redhat.com/show_bug.cgi?id=526788 MISC:oval:org.mitre.oval:def:10823 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10823 MISC:oval:org.mitre.oval:def:7359 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7359
Assigning CNA
Red Hat, Inc.
Date Record Created
20090820	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090820)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.