129050 – FPU Information leak on i386/x86-64 on AMD CPUs (CVE-2006-1056)

Bug 129050 - FPU Information leak on i386/x86-64 on AMD CPUs (CVE-2006-1056)

Summary: FPU Information leak on i386/x86-64 on AMD CPUs (CVE-2006-1056)

Status:	RESOLVED DUPLICATE of bug 130028

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	RESTRICTED 14042006
Keywords:

Depends on:
Blocks:

Reported:	2006-04-06 11:25 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified:	2007-04-07 10:24 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-04-06 11:25:02 UTC

Jan Beulich found a information leak between processes in the FPU information 
on x87 under i386/x86-64. Xen is also affected.

From his description:

>>
AMD documents the behavior of their FXSAVE/FXRSTOR instructions
differently than Intel: AMD saves/restores the instruction/operand
pointers and opcode only when the exception summary bit is set in the
(incoming/outgoing) status word. This by itself would be fine (except
for being incompatible), if they at least cleared these fields during a
context restore. Unfortunately they don't, which makes it very simple to
follow the stream of floating point instructions (since, even if they  
may not save these fields during FXSAVE, they have to capture their
values to make them eventually visible through FSAVE/FSTENV).

Comment 1 Tim Yamin (RETIRED) gentoo-dev

2006-04-15 04:00:53 UTC


*** This bug has been marked as a duplicate of 130028 ***