CVE-2004-0565

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.

References

http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html

http://secunia.com/advisories/20162

http://secunia.com/advisories/20163

http://secunia.com/advisories/20202

http://secunia.com/advisories/20338

http://www.debian.org/security/2006/dsa-1067

http://www.debian.org/security/2006/dsa-1069

http://www.debian.org/security/2006/dsa-1070

http://www.debian.org/security/2006/dsa-1082

http://www.mandriva.com/security/advisories?name=MDKSA-2004:066

http://www.redhat.com/support/errata/RHSA-2004-504.html

http://www.securityfocus.com/bid/10687

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734

https://exchange.xforce.ibmcloud.com/vulnerabilities/16644

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10714

Details

Source: MITRE

Published: 2004-12-06

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Tenable Plugins

View all (8 total)

IDNameProductFamilySeverity
22624Debian DSA-1082-1 : kernel-source-2.4.17 - several vulnerabilitiesNessusDebian Local Security Checks
critical
22612Debian DSA-1070-1 : kernel-source-2.4.19 - several vulnerabilitiesNessusDebian Local Security Checks
critical
22611Debian DSA-1069-1 : kernel-source-2.4.18 - several vulnerabilitiesNessusDebian Local Security Checks
critical
22609Debian DSA-1067-1 : kernel-source-2.4.16 - several vulnerabilitiesNessusDebian Local Security Checks
critical
16054RHEL 3 : kernel (RHSA-2004:689)NessusRed Hat Local Security Checks
critical
14549GLSA-200407-16 : Linux Kernel: Multiple DoS and permission vulnerabilitiesNessusGentoo Local Security Checks
high
14165Mandrake Linux Security Advisory : kernel (MDKSA-2004:066)NessusMandriva Local Security Checks
high
801602Red Hat 2004-689 Security CheckLog Correlation EngineGeneric
high