CVE-2008-0598
Published: 30 June 2008
Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary.
From the Ubuntu Security Team
Tavis Ormandy discovered that the ia32 emulation under 64bit kernels did not fully clear uninitialized data. A local attacker could read private kernel memory, leading to a loss of privacy.
Notes
Author | Note |
---|---|
kees | needs http://lkml.org/lkml/diff/2008/6/25/157/1 maybe linux-2.6: 64649a58919e66ec21792dbb6c48cb3da22cbd7f |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Not vulnerable
|
|
upstream |
Released
(2.6.24)
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.6.15-52.69)
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Needed
|
|
linux-source-2.6.17 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Not vulnerable
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Not vulnerable
|
|
linux-source-2.6.20 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Not vulnerable
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Not vulnerable
|
|
linux-source-2.6.22 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Not vulnerable
|
|
hardy |
Does not exist
|
|
upstream |
Not vulnerable
|