Bug 113328

Summary:	Kernel: Information leak in sys_get_thread_area (CVE-2005-3276)
Product:	Gentoo Security	Reporter:	Thierry Carrez (RETIRED) <koon>
Component:	Kernel	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	security-kernel
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	[linux < 2.6.12.4]
Package list:		Runtime testing required:	---

Description Thierry Carrez (RETIRED) gentoo-dev

2005-11-23 02:08:45 UTC

In Ubuntu's USN-219-1:

Paolo Giarrusso discovered an information leak in the
sys_get_thread_area().  The returned structure was not properly
cleared, which exposed a small amount of kernel memory to userspace
programs. This could possibly expose confidential data.
(CVE-2005-3276)

Comment 1 Tim Yamin (RETIRED) gentoo-dev

2005-11-26 09:23:30 UTC

Patch:

http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1;hp=44456d37b59d8e541936ed26d8b6e08d27e88ac1

Comment 2 Tim Yamin (RETIRED) gentoo-dev

2005-12-24 04:31:51 UTC

All fixed, closing bug.