Vulnerability Description
Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mandrakesoft | Mandrake Multi Network Firewall | 8.2 |
| Gentoo | Linux | All versions |
| Linux | Linux Kernel | 2.4.0 |
| Mandrakesoft | Mandrake Linux | 9.1 |
| Mandrakesoft | Mandrake Linux Corporate Server | 2.1 |
| Trustix | Secure Linux | 2 |
References
- http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.htmlVendor Advisory
- http://secunia.com/advisories/20162
- http://secunia.com/advisories/20163
- http://secunia.com/advisories/20202
- http://secunia.com/advisories/20338
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1082
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:066
- http://www.redhat.com/support/errata/RHSA-2004-504.html
- http://www.securityfocus.com/bid/10687
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16644
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2004-0565?
CVE-2004-0565 is a vulnerability with a CVSS score of 2.1 (LOW). Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processe...
How severe is CVE-2004-0565?
CVE-2004-0565 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0565?
Check the references section above for vendor advisories and patch information. Affected products include: Mandrakesoft Mandrake Multi Network Firewall, Gentoo Linux, Linux Linux Kernel, Mandrakesoft Mandrake Linux, Mandrakesoft Mandrake Linux Corporate Server.