Vulnerability Details CVE-2004-0565
Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.3%
CVSS Severity
CVSS v2 Score 2.1
References
- http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html
- http://secunia.com/advisories/20162
- http://secunia.com/advisories/20163
- http://secunia.com/advisories/20202
- http://secunia.com/advisories/20338
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1082
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:066
- http://www.redhat.com/support/errata/RHSA-2004-504.html
- http://www.securityfocus.com/bid/10687
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16644
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10714
- http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html
- http://secunia.com/advisories/20162
- http://secunia.com/advisories/20163
- http://secunia.com/advisories/20202
- http://secunia.com/advisories/20338
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1082
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:066
- http://www.redhat.com/support/errata/RHSA-2004-504.html
- http://www.securityfocus.com/bid/10687
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16644
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10714
Products affected by CVE-2004-0565
-
cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2
-
cpe:2.3:o:gentoo:linux:-
-
cpe:2.3:o:gentoo:linux:1.2
-
cpe:2.3:o:gentoo:linux:1.4
-
cpe:2.3:o:gentoo:linux:2.1.30
-
cpe:2.3:o:gentoo:linux:2.2.28
-
cpe:2.3:o:gentoo:linux:2.3.30
-
cpe:2.3:o:linux:linux_kernel:2.4.0
-
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0
-
cpe:2.3:o:mandrakesoft:mandrake_linux:9.1
-
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2
-
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1
-
cpe:2.3:o:trustix:secure_linux:2
-
cpe:2.3:o:trustix:secure_linux:2.0
-
cpe:2.3:o:trustix:secure_linux:2.1