1. CVE-Search
  2. CVE-2004-0565
ID CVE-2004-0565
Summary Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
References
Vulnerable Configurations
  • cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
    cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:trustix:secure_linux:2:*:*:*:*:*:*:*
    cpe:2.3:o:trustix:secure_linux:2:*:*:*:*:*:*:*
  • cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
    cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
    cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
oval via4
accepted 2013-04-29T04:08:00.317-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
family unix
id oval:org.mitre.oval:def:10714
status accepted
submitted 2010-07-09T03:56:16-04:00
title Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
version 29
redhat via4
advisories
rhsa
id RHSA-2004:504
rpms
  • kernel-0:2.4.21-27.0.1.EL
  • kernel-BOOT-0:2.4.21-27.0.1.EL
  • kernel-debuginfo-0:2.4.21-27.0.1.EL
  • kernel-doc-0:2.4.21-27.0.1.EL
  • kernel-hugemem-0:2.4.21-27.0.1.EL
  • kernel-hugemem-unsupported-0:2.4.21-27.0.1.EL
  • kernel-smp-0:2.4.21-27.0.1.EL
  • kernel-smp-unsupported-0:2.4.21-27.0.1.EL
  • kernel-source-0:2.4.21-27.0.1.EL
  • kernel-unsupported-0:2.4.21-27.0.1.EL
refmap via4
bid 10687
debian
  • DSA-1067
  • DSA-1069
  • DSA-1070
  • DSA-1082
mandrake MDKSA-2004:066
misc https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734
mlist [owl-users] 20040619 Linux 2.4.26-ow2
secunia
  • 20162
  • 20163
  • 20202
  • 20338
xf linux-ia64-info-disclosure(16644)
Last major update 11-10-2017 - 01:29
Published 06-12-2004 - 05:00
Last modified 11-10-2017 - 01:29
Back to Top