Ulrich Drepper

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 2.4 through 2.4.37 Linux kernel versions 2.6 before 2.6.31-rc5 **Description** The issue allows local users to obtain sensitive information from the kernel stack via the sigaltstack function due to the do sigaltstack function in kernel/signal.c not clearing certain padding bytes from a structure when running on 64-bit systems. **Recommendations** For Linux kernel versions 2.4 through 2.4.37, consider upgrading to a version outside of this range to mitigate the risk. For Linux kernel versions 2.6 before 2.6.31-rc5, update to version 2.6.31-rc5 or later to resolve the issue.