Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2006-1056 | First vendor Publication | 2006-04-20 |
Vendor | Cve | Last vendor Modification | 2018-10-30 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1056
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-310 | Cryptographic Issues |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9995 | |||
Oval ID: | oval:org.mitre.oval:def:9995 | ||
Title: | The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels. | ||
Description: | The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-1056 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3, CentOS Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4 | Product(s): | |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-06:14.fpu.asc) File : nvt/freebsdsa_fpu.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1097-1 (kernel-source-2.4.27) File : nvt/deb_1097_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1103-1 (kernel-source-2.6.8) File : nvt/deb_1103_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
24807 | Linux Kernel x87 Register Information Disclosure: The Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the Floating Point Units (FPUs) of the affected processor types do not save and restore the FOP, FIP and FDP registers when certain instructions are executed. As a result, Linux does not clear these registers either. When a context switch occurs, a user can potentially read these uncleared registers, which could disclose floating point information, resulting in a loss of confidentiality. |
24746 | FreeBSD FPU x87 Register Information Disclosure: FreeBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the Floating Point Units (FPUs) of the affected processor types do not save and restore the FOP, FIP and FDP registers when certain instructions are executed. As a result, FreeBSD does not clear these registers either. When a context switch occurs, a user can potentially read these uncleared registers, which could disclose floating point information, resulting in a loss of confidentiality. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-06-12 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0068.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0446-1.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0042.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0043.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-302-1.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1097.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1103.nasl - Type : ACT_GATHER_INFO |
2006-08-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0575.nasl - Type : ACT_GATHER_INFO |
2006-08-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0575.nasl - Type : ACT_GATHER_INFO |
2006-08-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0437.nasl - Type : ACT_GATHER_INFO |
2006-07-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0437.nasl - Type : ACT_GATHER_INFO |
2006-07-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0579.nasl - Type : ACT_GATHER_INFO |
2006-04-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-421.nasl - Type : ACT_GATHER_INFO |
2006-04-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-423.nasl - Type : ACT_GATHER_INFO |