
Bug 230583 (CVE-2008-2729)

Summary: Kernel: copy_user memory disclosure (CVE-2008-2729)
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Kernel
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: dang
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3022d734a54cbd2b65eea9a024564821101b4a9a;hp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff
Whiteboard: [linux <2.6.19]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-07-02 23:34:46 UTC
CVE-2008-2729 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2729):
  arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64
  systems does not erase destination memory locations after an exception during
  kernel memory copy, which allows local users to obtain sensitive information.
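
The failure mode in the CVE text, shown as an added userspace model (not the kernel's assembly and not code from this bug or the linked commit): a copy that stops at a fault and leaves the rest of the destination untouched, beside a variant that zeroes the uncopied tail. The function names, the `fault_at` parameter and the buffer contents are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: fault_at is the source offset at which the read
 * faults and the exception path takes over. */

/* Behaviour described in the CVE: return the number of bytes not copied
 * and leave the remainder of dst exactly as it was before the call. */
static size_t copy_no_clear(unsigned char *dst, const unsigned char *src,
                            size_t len, size_t fault_at)
{
    size_t done = len < fault_at ? len : fault_at;
    memcpy(dst, src, done);
    return len - done;
}

/* Same return value, but the uncopied tail is zeroed so that no earlier
 * contents of dst survive a short copy. */
static size_t copy_zero_tail(unsigned char *dst, const unsigned char *src,
                             size_t len, size_t fault_at)
{
    size_t left = copy_no_clear(dst, src, len, fault_at);
    memset(dst + (len - left), 0, left);
    return left;
}

/* Copy 16 bytes with a fault at offset 6 into a buffer pre-filled with a
 * stale marker; return how many marker bytes remain in the uncopied tail. */
static size_t demo(int zero_tail)
{
    unsigned char src[16], dst[16];
    size_t left, i, stale = 0;

    memset(src, 'u', sizeof src);   /* constructed caller-supplied data */
    memset(dst, 0xAA, sizeof dst);  /* constructed stale destination data */
    left = zero_tail ? copy_zero_tail(dst, src, sizeof dst, 6)
                     : copy_no_clear(dst, src, sizeof dst, 6);
    for (i = sizeof dst - left; i < sizeof dst; i++)
        stale += (dst[i] == 0xAA);
    return stale;
}

int main(void)
{
    printf("stale bytes without clearing: %zu\n", demo(0));
    printf("stale bytes with zeroed tail: %zu\n", demo(1));
    return 0;
}
```

Any code that later hands the destination buffer back to the caller without checking the short-copy return value exposes whatever the stale bytes held.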
Comment 1 kfm 2009-07-20 19:16:55 UTC
hardened-kernel unaffected at present time. Removing alias. CC'ing in maintainers of openvz-sources and usermode-sources as affected versions still appear to be in the tree.
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2009-07-21 12:40:23 UTC
openvz-sources-2.6.27 are now stable, so openvz-sources are unaffected I think. Right?