CVE-2009-2910 — Sensitive Information Exposure in Kernel

CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 83.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

13

Linux Kernel Canonical Ubuntu Linux Fedoraproject Fedora +10 more

Timeline

PublishedOct 20

Latest updateMay 2

Description

arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages10 packages

▶NVDlinux/linux_kernel< 2.6.31.4

▶NVDsuse/linux_enterprise_server10, 9+1

▶NVDsuse/linux_enterprise_desktop10

▶NVDredhat/enterprise_linux_server5.0

▶NVDredhat/enterprise_linux_desktop5.0

Also affects: Ubuntu Linux 6.06, 8.04, 8.10, 9.04, 9.10, Enterprise Linux 5.4, Fedora 10

Patches

Patch: lkml.org ↗Patch: bugzilla.redhat.com ↗Patch: lkml.org ↗

🔴Vulnerability Details

2

GHSA

GHSA-5pv7-vwpf-wfrm: arch/x86/ia32/ia32entry↗2022-05-02

▶

CVEList

CVE-2009-2910: arch/x86/ia32/ia32entry↗2009-10-20

▶

📋Vendor Advisories

2

Ubuntu

Linux kernel vulnerabilities↗2009-12-05

▶

Red Hat

kernel: x86_64 32 bit process register leak↗2009-10-01

▶

💬Community

1

Bugzilla

CVE-2009-2910 kernel: x86_64 32 bit process register leak↗2009-10-01

▶

CVE-2009-2910 — Sensitive Information Exposure | cvebase