CVE-2004-0565

NameCVE-2004-0565
DescriptionFloating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1067-1, DSA-1069-1, DSA-1070-1, DSA-1082-1
NVD severitylow (attack range: local)
Debian/oldstablenot vulnerable.
Debian/stablenot known to be vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux-2.6 (PTS)squeeze (security), squeeze2.6.32-48squeeze6fixed
squeeze (lts)2.6.32-48squeeze11fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kernel-image-sparc-2.4sourcewoody26woody1lowDSA-1070-1
kernel-patch-2.4.19-mipssourcewoody2.4.19-0.020911.1.woody5lowDSA-1070-1
kernel-source-2.4.16sourcewoody2.4.16-1woody2lowDSA-1067-1
kernel-source-2.4.17sourcewoody2.4.17-1woody4lowDSA-1082-1
kernel-source-2.4.18sourcewoody2.4.18-14.4lowDSA-1069-1
kernel-source-2.4.19sourcewoody2.4.19-4.woody3lowDSA-1070-1
kernel-source-2.4.27source(unstable)2.4.27-1low
linux-2.6source(unstable)(not affected)

Notes

- linux-2.6 <not-affected> (fixed before first upload)

Search for package or bug name: Reporting problems