1. Home
  2. CVE Database
  3. CVE-2008-3901
LOW · 2.1

CVE-2008-3901

Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local us...

Vulnerability Description

Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:P/I:N/A:N
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
LinuxLinux Kernel2.6.16
Suspend2Software Suspend 22-2.2.1

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2008-3901?

CVE-2008-3901 is a vulnerability with a CVSS score of 2.1 (LOW). Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local us...

How severe is CVE-2008-3901?

CVE-2008-3901 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-3901?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Suspend2 Software Suspend 2.