113328 – Kernel: Information leak in sys_get_thread_area (CVE-2005-3276)

Bug 113328 - Kernel: Information leak in sys_get_thread_area (CVE-2005-3276)

Summary: Kernel: Information leak in sys_get_thread_area (CVE-2005-3276)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	[linux < 2.6.12.4]
Keywords:

Depends on:
Blocks:

Reported:	2005-11-23 02:08 UTC by Thierry Carrez (RETIRED)
Modified:	2009-05-03 15:53 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2005-11-23 02:08:45 UTC

In Ubuntu's USN-219-1:

Paolo Giarrusso discovered an information leak in the
sys_get_thread_area().  The returned structure was not properly
cleared, which exposed a small amount of kernel memory to userspace
programs. This could possibly expose confidential data.
(CVE-2005-3276)

Comment 1 Tim Yamin (RETIRED) gentoo-dev

2005-11-26 09:23:30 UTC

Patch:

http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1;hp=44456d37b59d8e541936ed26d8b6e08d27e88ac1

Comment 2 Tim Yamin (RETIRED) gentoo-dev

2005-12-24 04:31:51 UTC

All fixed, closing bug.