CVE-2004-0565

Current Description

Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.

Basic Data

PublishedDecember 06, 2004
Last ModifiedOctober 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score2.1
SeverityLOW
Exploitability Score3.9
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMandrakesoftMandrake Multi Network Firewall8.2*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSGentooLinux********
    2.3OSLinuxLinux Kernel2.4.0*******
    2.3OSMandrakesoftMandrake Linux9.1*******
    2.3OSMandrakesoftMandrake Linux9.2*******
    2.3OSMandrakesoftMandrake Linux10.0*******
    2.3OSMandrakesoftMandrake Linux Corporate Server2.1*******
    2.3OSTrustixSecure Linux2*******
    2.3OSTrustixSecure Linux2.0*******
    2.3OSTrustixSecure Linux2.1*******

Vulnerable Software List

VendorProductVersions
Mandrakesoft Mandrake Multi Network Firewall 8.2
Mandrakesoft Mandrake Linux 10.0, 9.1, 9.2
Mandrakesoft Mandrake Linux Corporate Server 2.1
Linux Linux Kernel 2.4.0
Trustix Secure Linux 2, 2.0, 2.1
Gentoo Linux *

References

NameSourceURLTags
[owl-users] 20040619 Linux 2.4.26-ow2http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.htmlMLISTVendor Advisory
20162http://secunia.com/advisories/20162SECUNIA
20163http://secunia.com/advisories/20163SECUNIA
20202http://secunia.com/advisories/20202SECUNIA
20338http://secunia.com/advisories/20338SECUNIA
DSA-1067http://www.debian.org/security/2006/dsa-1067DEBIAN
DSA-1069http://www.debian.org/security/2006/dsa-1069DEBIAN
DSA-1070http://www.debian.org/security/2006/dsa-1070DEBIAN
DSA-1082http://www.debian.org/security/2006/dsa-1082DEBIAN
MDKSA-2004:066http://www.mandriva.com/security/advisories?name=MDKSA-2004:066MANDRAKE
RHSA-2004:504http://www.redhat.com/support/errata/RHSA-2004-504.htmlREDHAT
10687http://www.securityfocus.com/bid/10687BID
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734MISCVendor Advisory
linux-ia64-info-disclosure(16644)https://exchange.xforce.ibmcloud.com/vulnerabilities/16644XF
oval:org.mitre.oval:def:10714https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10714OVAL