Vulnerability Description
The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.4.0 |
References
- http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c%401.6
- http://search.luky.org/linux-kernel.2002/msg24003.html
- http://search.luky.org/linux-kernel.2002/msg24992.html
- http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html
- http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html
- http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c%401.6
- http://search.luky.org/linux-kernel.2002/msg24003.html
- http://search.luky.org/linux-kernel.2002/msg24992.html
- http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html
- http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html
FAQ
What is CVE-2002-1571?
CVE-2002-1571 is a vulnerability with a CVSS score of 2.1 (LOW). The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.
How severe is CVE-2002-1571?
CVE-2002-1571 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1571?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.