arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.
https://exchange.xforce.ibmcloud.com/vulnerabilities/43558
https://bugzilla.redhat.com/show_bug.cgi?id=451271
http://www.ubuntu.com/usn/usn-625-1
http://www.securitytracker.com/id?1020364
http://www.securityfocus.com/bid/29943
http://www.debian.org/security/2008/dsa-1630
http://rhn.redhat.com/errata/RHSA-2008-0508.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11571
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=3022d734a54cbd2b65eea9a024564821101b4a9a%3Bhp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff
Source: Mitre, NVD
Published: 2008-06-30
Updated: 2025-04-09
Base Score: 4.9
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N
Severity: Medium
Base Score: 5.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.00079