CVE-2009-1192
CVE-2009-1192
The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=59de2bebabc5027f93df999d59cc65df591c3e6ehttp://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.htmlhttp://openwall.com/lists/oss-security/2009/04/22/2https://bugzilla.redhat.com/show_bug.cgi?id=497020http://secunia.com/advisories/34981http://secunia.com/advisories/35011http://secunia.com/advisories/35120http://secunia.com/advisories/35121http://secunia.com/advisories/35343http://secunia.com/advisories/35387