CVE-2004-0565

Name of the Vulnerable Software and Affected Versions Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs version Debian GNU/Linux kernel-image-2.4.18-sun4u version Debian GNU/Linux kernel-image-2.4.18-sun4u-smp version Debian GNU/Linux kernel-image-2.4.19-sparc version Debian GNU/Linux kernel-image-2.4.19-sun4u version Debian GNU/Linux kernel-image-2.4.19-sun4u-smp version Debian GNU/Linux kernel-headers-2.4.18-sparc version Debian GNU/Linux kernel-headers-2.4.19-sparc version Debian GNU/Linux kernel-patch-benh version

Description The issue concerns multiple vulnerabilities in the Debian GNU/Linux kernel packages. These vulnerabilities can lead to breaches of confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely. According to the information from Mitre, there is a floating point information leak in the context switch code for Linux 2.4.x, which only checks the MFH bit but does not verify the FPH owner. This allows local users to read register values of other processes by setting the MFH bit.

Recommendations For kernel-image-2.4.18-powerpc-xfs, consider disabling the vulnerable kernel functions until a patch is available. For kernel-image-2.4.18-sun4u, restrict access to the kernel to minimize the risk of exploitation. For kernel-image-2.4.18-sun4u-smp, avoid using the vulnerable kernel features in the affected kernel version until the issue is resolved. For kernel-image-2.4.19-sparc, kernel-image-2.4.19-sun4u, kernel-image-2.4.19-sun4u-smp, kernel-headers-2.4.18-sparc, kernel-headers-2.4.19-sparc, and kernel-patch-benh, at the moment, there is no information about a newer version that contains a fix for this vulnerability.