CVE - CVE-2009-2910

CVE-ID
CVE-2009-2910	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[linux-kernel] 20091001 [tip:x86/urgent] x86: Don't leak 64-bit kernel register values to 32-bit processes URL:http://lkml.org/lkml/2009/10/1/164 MLIST:[oss-security] 20091001 CVE Request (kernel) URL:http://marc.info/?l=oss-security&m=125442304214452&w=2 MLIST:[oss-security] 20091002 Re: CVE Request (kernel) URL:http://marc.info/?l=oss-security&m=125444390112831&w=2 MLIST:[oss-security] 20091009 Re: CVE Request (kernel) URL:http://marc.info/?l=oss-security&m=125511635004768&w=2 MLIST:[oss-security] 20091001 Re: CVE Request (kernel) URL:http://www.openwall.com/lists/oss-security/2009/10/02/1 CONFIRM:http://git.kernel.org/?p=linux/kernel/git/x86/linux-2.6-tip.git;a=commit;h=24e35800cdc4350fc34e2bed37b608a9e13ab3b6 CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.4 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=526788 CONFIRM:http://support.avaya.com/css/P8/documents/100073666 FEDORA:FEDORA-2009-10525 URL:https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00483.html REDHAT:RHSA-2009:1540 URL:https://rhn.redhat.com/errata/RHSA-2009-1540.html REDHAT:RHSA-2009:1671 URL:http://www.redhat.com/support/errata/RHSA-2009-1671.html REDHAT:RHSA-2010:0046 URL:https://rhn.redhat.com/errata/RHSA-2010-0046.html REDHAT:RHSA-2010:0095 URL:https://rhn.redhat.com/errata/RHSA-2010-0095.html SUSE:SUSE-SA:2009:054 URL:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html SUSE:SUSE-SA:2009:056 URL:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html SUSE:SUSE-SA:2010:012 URL:http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html UBUNTU:USN-864-1 URL:http://www.ubuntu.com/usn/usn-864-1 BID:36576 URL:http://www.securityfocus.com/bid/36576 OVAL:oval:org.mitre.oval:def:10823 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10823 OVAL:oval:org.mitre.oval:def:7359 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7359 SECUNIA:36927 URL:http://secunia.com/advisories/36927 SECUNIA:37075 URL:http://secunia.com/advisories/37075 SECUNIA:37351 URL:http://secunia.com/advisories/37351
Assigning CNA
N/A
Date Entry Created
20090820	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090820)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org