Vulnerability Description
arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 2.6.19 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%
- http://rhn.redhat.com/errata/RHSA-2008-0508.htmlThird Party Advisory
- http://secunia.com/advisories/30849Broken Link
- http://secunia.com/advisories/30850Broken Link
- http://secunia.com/advisories/31107Broken Link
- http://secunia.com/advisories/31551Broken Link
- http://secunia.com/advisories/31628Broken Link
- http://www.debian.org/security/2008/dsa-1630Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:174Broken Link
- http://www.redhat.com/support/errata/RHSA-2008-0519.htmlBroken Link
- http://www.redhat.com/support/errata/RHSA-2008-0585.htmlBroken Link
- http://www.securityfocus.com/bid/29943Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1020364Third Party AdvisoryVDB Entry
- http://www.ubuntu.com/usn/usn-625-1Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=451271Issue TrackingThird Party Advisory
FAQ
What is CVE-2008-2729?
CVE-2008-2729 is a vulnerability with a CVSS score of 4.9 (MEDIUM). arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users t...
How severe is CVE-2008-2729?
CVE-2008-2729 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2729?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.