Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 193386

Summary: Kernel x86_64: Zero extend all registers after ptrace in 32bit entry path (CVE-2007-4573)
Product: Gentoo Security Reporter: Christian Heim (RETIRED) <phreak>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: bernd, carlo, chainsaw, jaervosz, kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.7
Whiteboard: [linux < 2.4.35.3][linux > 2.6 < 2.6.22.7][genpatches < 2.6.20-17][genpatches >= 2.6.21 < 2.6.22-8]
Package list:
Runtime testing required: ---

Description Christian Heim (RETIRED) gentoo-dev 2007-09-22 07:19:37 UTC 
x86_64: Zero extend all registers after ptrace in 32bit entry path.
    
Strictly it's only needed for eax. It actually does a little more than strictly needed -- the other registers are already zero extended.
    
Also remove the now unnecessary and non functional compat task check in ptrace.

-- genpatches provides a fix w/ 2.6.22-8 (including 2.6.22.7).
Comment 1 Christian Heim (RETIRED) gentoo-dev 2007-09-23 16:24:47 UTC 
genpatches-2.6.20-17 also contains the patch.
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-26 09:37:31 UTC 
unrestricting, this is public now:
http://secunia.com/advisories/26934/
Comment 3 Sven Wegener gentoo-dev 2007-10-11 14:13:16 UTC 
*** Bug 195501 has been marked as a duplicate of this bug. ***
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2007-10-23 20:18:17 UTC 
*** Bug 196826 has been marked as a duplicate of this bug. ***