Linux kernel arch/x86_64/lib/copy_user.s destination memory information disclosure

linux-kernel-destination-info-disclosure (43558)

Low Risk

Description:

The Linux kernel could allow a local attacker to obtain sensitive information, caused by the failure to erase destination memory locations after an exception by the arch/x86_64/lib/copy_user.s file. An attacker could exploit this vulnerability to obtain sensitive kernel information from the system.

Platforms Affected:

• Canonical, Ubuntu 6.06 LTS
• Canonical, Ubuntu 7.04
• Canonical, Ubuntu 7.10
• Canonical, Ubuntu 8.04 LTS
• Debian, Debian Linux 4.0
• Linux, Kernel 2.6.0 test9
• Linux, Kernel 2.6.0 test8
• Linux, Kernel 2.6.0 test7
• Linux, Kernel 2.6.0 test6
• Linux, Kernel 2.6.0 test5
• Linux, Kernel 2.6.0 test4
• Linux, Kernel 2.6.0 test3
• Linux, Kernel 2.6.0 test2
• Linux, Kernel 2.6.0 test11
• Linux, Kernel 2.6.0 test10
• Linux, Kernel 2.6.0 test1
• Linux, Kernel 2.6.0
• Linux, Kernel 2.6.1 rc3
• Linux, Kernel 2.6.1 rc2
• Linux, Kernel 2.6.1 rc1
• Linux, Kernel 2.6.1
• Linux, Kernel 2.6.10 rc2
• Linux, Kernel 2.6.10 rc3
• Linux, Kernel 2.6.10
• Linux, Kernel 2.6.10 rc1
• Linux, Kernel 2.6.11 rc2
• Linux, Kernel 2.6.11 rc3
• Linux, Kernel 2.6.11 rc4
• Linux, Kernel 2.6.11
• Linux, Kernel 2.6.11 rc5
• Linux, Kernel 2.6.11 rc1
• Linux, Kernel 2.6.11.1
• Linux, Kernel 2.6.11.10
• Linux, Kernel 2.6.11.11
• Linux, Kernel 2.6.11.12
• Linux, Kernel 2.6.11.2
• Linux, Kernel 2.6.11.3
• Linux, Kernel 2.6.11.4
• Linux, Kernel 2.6.11.5
• Linux, Kernel 2.6.11.6
• Linux, Kernel 2.6.11.7
• Linux, Kernel 2.6.11.8
• Linux, Kernel 2.6.11.9
• Linux, Kernel 2.6.12 rc5
• Linux, Kernel 2.6.12 rc6
• Linux, Kernel 2.6.12 rc4
• Linux, Kernel 2.6.12
• Linux, Kernel 2.6.12 rc1
• Linux, Kernel 2.6.12 rc2
• Linux, Kernel 2.6.12 rc3
• Linux, Kernel 2.6.12.1
• Linux, Kernel 2.6.12.12
• Linux, Kernel 2.6.12.2
• Linux, Kernel 2.6.12.22
• Linux, Kernel 2.6.12.3
• Linux, Kernel 2.6.12.4
• Linux, Kernel 2.6.12.5
• Linux, Kernel 2.6.12.6
• Linux, Kernel 2.6.13 rc4
• Linux, Kernel 2.6.13 rc3
• Linux, Kernel 2.6.13 rc2
• Linux, Kernel 2.6.13 rc1
• Linux, Kernel 2.6.13 rc5
• Linux, Kernel 2.6.13 rc6
• Linux, Kernel 2.6.13 rc7
• Linux, Kernel 2.6.13
• Linux, Kernel 2.6.13.1
• Linux, Kernel 2.6.13.2
• Linux, Kernel 2.6.13.3
• Linux, Kernel 2.6.13.4
• Linux, Kernel 2.6.13.5
• Linux, Kernel 2.6.14
• Linux, Kernel 2.6.14 rc1
• Linux, Kernel 2.6.14 rc3
• Linux, Kernel 2.6.14 rc4
• Linux, Kernel 2.6.14 rc2
• Linux, Kernel 2.6.14 rc5
• Linux, Kernel 2.6.14.1
• Linux, Kernel 2.6.14.2
• Linux, Kernel 2.6.14.3
• Linux, Kernel 2.6.14.4
• Linux, Kernel 2.6.14.5
• Linux, Kernel 2.6.14.6
• Linux, Kernel 2.6.14.7
• Linux, Kernel 2.6.15 rc7
• Linux, Kernel 2.6.15 rc1
• Linux, Kernel 2.6.15
• Linux, Kernel 2.6.15 rc2
• Linux, Kernel 2.6.15 rc6
• Linux, Kernel 2.6.15 rc3
• Linux, Kernel 2.6.15 rc4
• Linux, Kernel 2.6.15 rc5
• Linux, Kernel 2.6.15.1
• Linux, Kernel 2.6.15.11
• Linux, Kernel 2.6.15.2
• Linux, Kernel 2.6.15.3
• Linux, Kernel 2.6.15.4
• Linux, Kernel 2.6.15.5
• Linux, Kernel 2.6.15.6
• Linux, Kernel 2.6.15.7
• Linux, Kernel 2.6.16 rc6
• Linux, Kernel 2.6.16 rc5
• Linux, Kernel 2.6.16 rc4
• Linux, Kernel 2.6.16 rc3
• Linux, Kernel 2.6.16
• Linux, Kernel 2.6.16 rc7
• Linux, Kernel 2.6.16.1
• Linux, Kernel 2.6.16.10
• Linux, Kernel 2.6.16.11
• Linux, Kernel 2.6.16.12
• Linux, Kernel 2.6.16.13
• Linux, Kernel 2.6.16.14
• Linux, Kernel 2.6.16.15
• Linux, Kernel 2.6.16.16
• Linux, Kernel 2.6.16.17
• Linux, Kernel 2.6.16.18
• Linux, Kernel 2.6.16.19
• Linux, Kernel 2.6.16.2
• Linux, Kernel 2.6.16.20
• Linux, Kernel 2.6.16.21
• Linux, Kernel 2.6.16.22
• Linux, Kernel 2.6.16.23
• Linux, Kernel 2.6.16.24
• Linux, Kernel 2.6.16.25
• Linux, Kernel 2.6.16.26
• Linux, Kernel 2.6.16.27
• Linux, Kernel 2.6.16.28
• Linux, Kernel 2.6.16.29
• Linux, Kernel 2.6.16.3
• Linux, Kernel 2.6.16.30
• Linux, Kernel 2.6.16.31
• Linux, Kernel 2.6.16.32
• Linux, Kernel 2.6.16.33
• Linux, Kernel 2.6.16.34
• Linux, Kernel 2.6.16.35
• Linux, Kernel 2.6.16.36
• Linux, Kernel 2.6.16.37
• Linux, Kernel 2.6.16.38
• Linux, Kernel 2.6.16.39
• Linux, Kernel 2.6.16.4
• Linux, Kernel 2.6.16.40
• Linux, Kernel 2.6.16.41
• Linux, Kernel 2.6.16.43
• Linux, Kernel 2.6.16.44
• Linux, Kernel 2.6.16.45
• Linux, Kernel 2.6.16.46
• Linux, Kernel 2.6.16.47
• Linux, Kernel 2.6.16.48
• Linux, Kernel 2.6.16.49
• Linux, Kernel 2.6.16.5
• Linux, Kernel 2.6.16.50
• Linux, Kernel 2.6.16.51
• Linux, Kernel 2.6.16.52
• Linux, Kernel 2.6.16.53
• Linux, Kernel 2.6.16.6
• Linux, Kernel 2.6.16.7
• Linux, Kernel 2.6.16.8
• Linux, Kernel 2.6.16.9
• Linux, Kernel 2.6.17
• Linux, Kernel 2.6.17 rc1
• Linux, Kernel 2.6.17 rc6
• Linux, Kernel 2.6.17 rc5
• Linux, Kernel 2.6.17 rc4
• Linux, Kernel 2.6.17 rc3
• Linux, Kernel 2.6.17 rc2
• Linux, Kernel 2.6.17.1
• Linux, Kernel 2.6.17.10
• Linux, Kernel 2.6.17.11
• Linux, Kernel 2.6.17.12
• Linux, Kernel 2.6.17.13
• Linux, Kernel 2.6.17.14
• Linux, Kernel 2.6.17.2
• Linux, Kernel 2.6.17.3
• Linux, Kernel 2.6.17.4
• Linux, Kernel 2.6.17.5
• Linux, Kernel 2.6.17.6
• Linux, Kernel 2.6.17.7
• Linux, Kernel 2.6.17.8
• Linux, Kernel 2.6.17.9
• Linux, Kernel 2.6.18 rc5
• Linux, Kernel 2.6.18 rc2
• Linux, Kernel 2.6.18 rc1
• Linux, Kernel 2.6.18 rc3
• Linux, Kernel 2.6.18 rc4
• Linux, Kernel 2.6.18 rc6
• Linux, Kernel 2.6.18 rc7
• Linux, Kernel 2.6.18
• Linux, Kernel 2.6.18.1
• Linux, Kernel 2.6.18.10
• Linux, Kernel 2.6.18.11
• Linux, Kernel 2.6.18.12
• Linux, Kernel 2.6.18.13
• Linux, Kernel 2.6.18.14
• Linux, Kernel 2.6.18.15
• Linux, Kernel 2.6.18.16
• Linux, Kernel 2.6.18.17
• Linux, Kernel 2.6.18.18
• Linux, Kernel 2.6.18.19
• Linux, Kernel 2.6.18.2
• Linux, Kernel 2.6.18.20
• Linux, Kernel 2.6.18.21
• Linux, Kernel 2.6.18.22
• Linux, Kernel 2.6.18.23
• Linux, Kernel 2.6.18.24
• Linux, Kernel 2.6.18.25
• Linux, Kernel 2.6.18.26
• Linux, Kernel 2.6.18.27
• Linux, Kernel 2.6.18.28
• Linux, Kernel 2.6.18.29
• Linux, Kernel 2.6.18.3
• Linux, Kernel 2.6.18.30
• Linux, Kernel 2.6.18.31
• Linux, Kernel 2.6.18.32
• Linux, Kernel 2.6.18.33
• Linux, Kernel 2.6.18.34
• Linux, Kernel 2.6.18.35
• Linux, Kernel 2.6.18.36
• Linux, Kernel 2.6.18.37
• Linux, Kernel 2.6.18.38
• Linux, Kernel 2.6.18.39
• Linux, Kernel 2.6.18.4
• Linux, Kernel 2.6.18.40
• Linux, Kernel 2.6.18.41
• Linux, Kernel 2.6.18.42
• Linux, Kernel 2.6.18.43
• Linux, Kernel 2.6.18.44
• Linux, Kernel 2.6.18.45
• Linux, Kernel 2.6.18.46
• Linux, Kernel 2.6.18.47
• Linux, Kernel 2.6.18.48
• Linux, Kernel 2.6.18.49
• Linux, Kernel 2.6.18.5
• Linux, Kernel 2.6.18.50
• Linux, Kernel 2.6.18.51
• Linux, Kernel 2.6.18.52
• Linux, Kernel 2.6.18.53
• Linux, Kernel 2.6.18.6
• Linux, Kernel 2.6.18.7
• Linux, Kernel 2.6.18.8
• Linux, Kernel 2.6.18.9
• Linux, Kernel 2.6.19 rc3
• Linux, Kernel 2.6.19 rc4
• Linux, Kernel 2.6.19 rc2
• Linux, Kernel 2.6.19 rc1
• Linux, Kernel 2.6.2
• Linux, Kernel 2.6.2 rc1
• Linux, Kernel 2.6.2 rc3
• Linux, Kernel 2.6.2 rc2
• Linux, Kernel 2.6.3 rc2
• Linux, Kernel 2.6.3 rc3
• Linux, Kernel 2.6.3
• Linux, Kernel 2.6.3 rc1
• Linux, Kernel 2.6.3 rc4
• Linux, Kernel 2.6.4 rc1
• Linux, Kernel 2.6.4 rc3
• Linux, Kernel 2.6.4
• Linux, Kernel 2.6.4 rc2
• Linux, Kernel 2.6.5 rc2
• Linux, Kernel 2.6.5 rc3
• Linux, Kernel 2.6.5 rc1
• Linux, Kernel 2.6.5
• Linux, Kernel 2.6.6 rc3
• Linux, Kernel 2.6.6 rc2
• Linux, Kernel 2.6.6
• Linux, Kernel 2.6.6 rc1
• Linux, Kernel 2.6.7 rc1
• Linux, Kernel 2.6.7 rc2
• Linux, Kernel 2.6.7 rc3
• Linux, Kernel 2.6.7
• Linux, Kernel 2.6.8 rc4
• Linux, Kernel 2.6.8 rc3
• Linux, Kernel 2.6.8
• Linux, Kernel 2.6.8 rc1
• Linux, Kernel 2.6.8 rc2
• Linux, Kernel 2.6.8.1
• Linux, Kernel 2.6.9
• Linux, Kernel 2.6.9 rc4
• Linux, Kernel 2.6.9 rc3
• Linux, Kernel 2.6.9 rc2
• Linux, Kernel 2.6.9 rc1
• MandrakeSoft, Mandrake Linux Corporate Server 4.0
• MandrakeSoft, Mandrake Linux Corporate Server 4.0 X86_64
• RedHat, Enterprise Linux 4 ES
• RedHat, Enterprise Linux 4 Desktop
• RedHat, Enterprise Linux 4 WS
• RedHat, Enterprise Linux 4 AS
• RedHat, Enterprise Linux 5
• RedHat, Enterprise Linux 5 Client
• RedHat, Linux Advanced Workstation 2.1 Itanium

Remedy:

Upgrade to the latest version of the Linux kernel (2.6.25.10 or later), available from The Linux Kernel Archives Web site. See References.

For other distributions:
Apply the appropriate update for your system. See References.

Consequences:

Obtain Information

References:

• Red Hat Bugzilla Bug 451271, CVE-2008-2729 kernel: [x86_64] The string instruction version didn't zero the output on exception. at https://bugzilla.redhat.com/show_bug.cgi?id=451271.
• The Linux Kernel Archives Web site, The Linux Kernel Archives at http://www.kernel.org/.
• ASA-2008-287: kernel security and bug fix update (RHSA-2008-0508)
• BID-29942: Linux Kernel 32-bit/64bit Emulation Local Information Disclosure Vulnerability
• BID-29943: Linux Kernel Memory Copy Exception Local Information Disclosure Vulnerability
• CVE-2008-2729: arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.
• DSA-1630: linux-2.6 -- denial of service/information leak
• MDVSA-2008:174: kernel
• RHSA-2008-0508: Important: kernel security and bug fix update
• RHSA-2008-0519: Important: kernel security and bug fix update
• RHSA-2008-0585: Important: kernel security and bug fix update
• SECTRACK ID: 1020364: Linux Kernel AMD64 Memory Copy Bug Lets Local Users View Memory Contents
• USN-625-1: Linux kernel vulnerabilities

Reported:

Jun 25, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page