CVE-2009-2910

Published: Oct 20, 2009Modified: Apr 23, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.

Affected (18)

Products: Linux: Linux Kernel · Opensuse: Opensuse · Suse: Linux Enterprise Debuginfo, Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Software Development Kit · +3 more

Show all products

Linux: Linux Kernel · Opensuse: Opensuse · Suse: Linux Enterprise Debuginfo, Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Software Development Kit · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Workstation, Virtualization · Fedoraproject: Fedora

1 product

1 product

4 products

Linux Enterprise Debuginfo

Linux Enterprise Desktop

Linux Enterprise Server

Linux Enterprise Software Development Kit

Canonical

1 product

Ubuntu Linux

Redhat

5 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Workstation

Virtualization

Fedoraproject

1 product

Fedora

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 2.6.31.4

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.0
Suse Linux Enterprise Debuginfo	Version 10 sp2
Suse Linux Enterprise Desktop	Version 10 sp2
Suse Linux Enterprise Server	Version 10 sp2
Suse Linux Enterprise Server	Version 9
Suse Linux Enterprise Software Development Kit	Version 10 sp2

Configuration C

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 8.04
Canonical Ubuntu Linux	Version 8.10
Canonical Ubuntu Linux	Version 9.04
Canonical Ubuntu Linux	Version 9.10

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Eus	Version 5.4
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Workstation	Version 5.0
Redhat Virtualization	Version 5

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 10

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (48)

http://git.kernel.org/?p=linux/kernel/git/x86/linux-2.6-tip.git%3Ba=commit%3Bh=24e35800cdc4350fc34e2bed37b608a9e13ab3b6

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lkml.org/lkml/2009/10/1/164

Source: secalert@redhat.com

PatchThird Party Advisory

http://marc.info/?l=oss-security&m=125442304214452&w=2

Source: secalert@redhat.com

Third Party Advisory

http://marc.info/?l=oss-security&m=125444390112831&w=2

Source: secalert@redhat.com

Third Party Advisory

http://marc.info/?l=oss-security&m=125511635004768&w=2

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/36927

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/37075

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/37351

Source: secalert@redhat.com

Third Party Advisory

http://support.avaya.com/css/P8/documents/100073666

Source: secalert@redhat.com

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.4

Source: secalert@redhat.com

Broken Link

http://www.openwall.com/lists/oss-security/2009/10/02/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2009-1671.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/36576

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/usn-864-1

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=526788

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10823

Source: secalert@redhat.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7359

Source: secalert@redhat.com

Third Party Advisory

https://rhn.redhat.com/errata/RHSA-2009-1540.html

Source: secalert@redhat.com

Third Party Advisory

https://rhn.redhat.com/errata/RHSA-2010-0046.html

Source: secalert@redhat.com

Third Party Advisory

https://rhn.redhat.com/errata/RHSA-2010-0095.html

Source: secalert@redhat.com

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00483.html

Source: secalert@redhat.com

Third Party Advisory

http://git.kernel.org/?p=linux/kernel/git/x86/linux-2.6-tip.git%3Ba=commit%3Bh=24e35800cdc4350fc34e2bed37b608a9e13ab3b6