Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 230583 (CVE-2008-2729) - Kernel: copy_user memory disclosure (CVE-2008-2729)
Summary: Kernel: copy_user memory disclosure (CVE-2008-2729)
Status: RESOLVED FIXED
Alias: CVE-2008-2729
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://git.kernel.org/?p=linux/kernel...
Whiteboard: [linux <2.6.19]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-07-02 23:34 UTC by Robert Buchholz (RETIRED)
Modified: 2013-09-05 03:50 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-07-02 23:34:46 UTC
CVE-2008-2729 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2729):
  arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64
  systems does not erase destination memory locations after an exception during
  kernel memory copy, which allows local users to obtain sensitive information.
Comment 1 Kerin Millar 2009-07-20 19:16:55 UTC
hardened-kernel unaffected at present time. Removing alias. CC'ing in maintainers of openvz-sources and usermode-sources as affected versions still appear to be in the tree.
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2009-07-21 12:40:23 UTC
openvz-sources-2.6.27 are now stable, so openvz-sources are unaffected I think. Right?