CVE-2004-0565

Linux 2.4.x - Info Disclosure

Title source: llm

Description

Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.

References (15)

[Vendor Advisory] http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2004:066

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2004-504.html

[Vendor Advisory] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16644

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/10687

[Third Party Advisory] http://www.debian.org/security/2006/dsa-1067

[Third Party Advisory] http://www.debian.org/security/2006/dsa-1069

[Third Party Advisory] http://www.debian.org/security/2006/dsa-1070

[Third Party Advisory] http://www.debian.org/security/2006/dsa-1082

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10714

[Third Party Advisory] http://secunia.com/advisories/20162

[Third Party Advisory] http://secunia.com/advisories/20163

[Third Party Advisory] http://secunia.com/advisories/20202

[Third Party Advisory] http://secunia.com/advisories/20338

Scores

EPSS 0.0007

EPSS Percentile 22.2%

Classification

Status draft

Affected Products (10)

mandrakesoft/mandrake_multi_network_firewall

gentoo/linux

linux/linux_kernel

mandrakesoft/mandrake_linux

mandrakesoft/mandrake_linux_corporate_server

trustix/secure_linux

Timeline

Published Dec 06, 2004

Tracked Since Feb 18, 2026