National Cyber-Alert System
Vulnerability Summary for CVE-2009-1192
Original release date: 04/24/2009
Last revised: 06/23/2009
Source: US-CERT/NIST
Overview
The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.
Impact
CVSS Severity (version 2.0):
Impact Subscore: 6.9
Exploitability Subscore: 3.9
CVSS Version 2 Metrics:
Access Vector: Locally exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information
References to Advisories, Solutions, and Tools
External Source: CONFIRM
Name: https://bugzilla.redhat.com/show_bug.cgi?id=497020
Type: Patch Information
External Source: BID
Name: 34673
Type: Patch Information
External Source: CONFIRM
Name: http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc3
Type: Advisory; Patch Information
External Source: BUGTRAQ
Name: 20090516 rPSA-2009-0084-1 kernel
External Source: REDHAT
Name: RHSA-2009:1081
External Source: MANDRIVA
Name: MDVSA-2009:135
External Source: MANDRIVA
Name: MDVSA-2009:119
External Source: DEBIAN
Name: DSA-1800
External Source: DEBIAN
Name: DSA-1794
External Source: DEBIAN
Name: DSA-1787
External Source: CONFIRM
Name: http://wiki.rpath.com/Advisories:rPSA-2009-0084
External Source: SECUNIA
Name: 35387
External Source: SECUNIA
Name: 35121
External Source: SECUNIA
Name: 35120
External Source: SECUNIA
Name: 35011
External Source: SECUNIA
Name: 34981
External Source: MLIST
Name: [oss-security] 20090422 CVE-2009-1192 kernel: agp: zero pages before sending to userspace
External Source: SUSE
Name: SUSE-SA:2009:032
External Source: CONFIRM
Name: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=59de2bebabc5027f93df999d59cc65df591c3e6e
Type: Advisory