CVE-2004-0565

medium

Description

Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10714

https://exchange.xforce.ibmcloud.com/vulnerabilities/16644

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734

http://www.securityfocus.com/bid/10687

http://www.redhat.com/support/errata/RHSA-2004-504.html

http://www.mandriva.com/security/advisories?name=MDKSA-2004:066

http://www.debian.org/security/2006/dsa-1082

http://www.debian.org/security/2006/dsa-1070

http://www.debian.org/security/2006/dsa-1069

http://www.debian.org/security/2006/dsa-1067

http://secunia.com/advisories/20338

http://secunia.com/advisories/20202

http://secunia.com/advisories/20163

http://secunia.com/advisories/20162

http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html

Details

Source: Mitre, NVD

Published: 2004-12-06

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

Detections

Analytics