Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 289915 (CVE-2009-2910)

Summary: Kernel: 64 bit register information disclosure w/ ia32 processes (CVE-2009-2910)
Product: Gentoo Security Reporter: Alex Legler (RETIRED) <a3li>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: hardened-kernel+disabled, kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.kernel.org/?p=linux/kernel/git/x86/linux-2.6-tip.git;a=commit;h=24e35800cdc4350fc34e2bed37b608a9e13ab3b6
Whiteboard: [linux <2.6.31.4] [gp <2.6.31-4]
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-10-20 21:55:04 UTC 
CVE-2009-2910 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2910):
  arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the
  x86_64 platform does not clear certain kernel registers before a
  return to user mode, which allows local users to read register values
  from an earlier process by switching an ia32 process to 64-bit mode.