CVE-2006-0744 Information

Description

The Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs. These CPUs report the exception in the SYSRET instruction instead of in the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS.

Reference

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5
http://lwn.net/Alerts/180820/
http://secunia.com/advisories/19639
http://secunia.com/advisories/19735
http://secunia.com/advisories/20157
http://secunia.com/advisories/20237
http://secunia.com/advisories/20398
http://secunia.com/advisories/20716
http://secunia.com/advisories/20914
http://secunia.com/advisories/21136
http://secunia.com/advisories/21179
http://secunia.com/advisories/21498
http://secunia.com/advisories/21745
http://secunia.com/advisories/21983
http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm
http://www.debian.org/security/2006/dsa-1103
http://www.mandriva.com/security/advisories?name=MDKSA-2006:086
http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
http://www.novell.com/linux/security/advisories/2006_42_kernel.html
http://www.novell.com/linux/security/advisories/2006_47_kernel.html
http://www.novell.com/linux/security/advisories/2006-05-31.html
http://www.osvdb.org/24639
http://www.redhat.com/support/errata/RHSA-2006-0437.html
http://www.redhat.com/support/errata/RHSA-2006-0493.html
http://www.securityfocus.com/bid/17541
http://www.ubuntu.com/usn/usn-302-1
http://www.vupen.com/english/advisories/2006/1390
http://www.vupen.com/english/advisories/2006/1475
http://www.vupen.com/english/advisories/2006/2554
https://exchange.xforce.ibmcloud.com/vulnerabilities/25869
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9732
