CVE-2004-0565 Information

Description

Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner which allows local users to read register values of other processes by setting the MFH bit.

Reference

http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html http://secunia.com/advisories/20162 http://secunia.com/advisories/20163 http://secunia.com/advisories/20202 http://secunia.com/advisories/20338 http://www.debian.org/security/2006/dsa-1067 http://www.debian.org/security/2006/dsa-1069 http://www.debian.org/security/2006/dsa-1070 http://www.debian.org/security/2006/dsa-1082 http://www.mandriva.com/security/advisories?name=MDKSA-2004:066 http://www.redhat.com/support/errata/RHSA-2004-504.html http://www.securityfocus.com/bid/10687 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734 https://exchange.xforce.ibmcloud.com/vulnerabilities/16644 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10714