CVE-2008-2729

Linux Kernel < 2.6.19 - Information Disclosure

Title source: rule

Description

arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.

References (17)

[Patch] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=3022d734a54cbd2b65eea9a024564821101b4a9a%3Bhp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2008-0508.html

[Broken Link] http://secunia.com/advisories/30849

[Broken Link] http://secunia.com/advisories/30850

[Broken Link] http://secunia.com/advisories/31107

[Broken Link] http://secunia.com/advisories/31551

[Broken Link] http://secunia.com/advisories/31628

[Third Party Advisory] http://www.debian.org/security/2008/dsa-1630

[Broken Link] http://www.mandriva.com/security/advisories?name=MDVSA-2008:174

[Broken Link] http://www.redhat.com/support/errata/RHSA-2008-0519.html

[Broken Link] http://www.redhat.com/support/errata/RHSA-2008-0585.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29943

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1020364

[Third Party Advisory] http://www.ubuntu.com/usn/usn-625-1

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=451271

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43558

[Tool Signature] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11571

Scores

EPSS 0.0006

EPSS Percentile 18.7%

Classification

CWE

CWE-200

Status draft

Affected Products (1)

linux/linux_kernel < 2.6.19

Timeline

Published Jun 30, 2008

Tracked Since Feb 18, 2026