Description: A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information. The security issue is caused due to an error in the implementation of the "sigaltstack()" function and can be exploited to disclose a limited amount of kernel stack memory. Successful exploitation may require that the kernel is running on a 64-bit platform. Solution: Fixed in the GIT repository. Original Advisory: http://git.kernel.org/linus/0083fc2c50e6c5127c2802ad323adf8143ab7856
CVE-2009-2847 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2847): The do_sigaltstack function in kernel/signal.c in Linux kernel 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function.