Information Disclosure in Linux Kernel and FreeBSD Kernel on AMD64 Processors
CVE-2006-1056

Currently unrated

Key Information:

Vendor: Linux
Status: Linux Kernel; FreeBSD
Vendor: CVE Published:; 20 April 2006

Summary

This vulnerability in the Linux kernel and FreeBSD kernel stems from improper handling of floating point registers on AMD64 processors. When an exception is pending, these kernels only save/restore certain x87 registers, which inadvertently allows one process to glean information about the floating point state of other processes. This could potentially expose sensitive information, including cryptographic keys, compromising system security. This behavior contrasts with the security mechanisms present in Intel processors, underscoring a critical inconsistency in the handling of floating point data across different hardware architectures.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911

x_refsource_CONFIRM

http://www.redhat.com/support/errata/RHSA-2006-0437.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Apr 20, 2006
Vulnerability Reserved
Mar 7, 2006