Arun Sharma has discovered a vulnerability that affects Linux ia64 kernels. Because the context switch code checks the psr.mfh bit without checking the identity of the FPH owner, a process may be able to see another process's floating point registers.
Opened by (Arun Sharma) on 2004-05-28 17:46
Description of problem:
Linux 2.4.x and the SLES9/ia64 kernels have a floating point leak.
This is because the context switch code checks just the psr.mfh bit
and doesn't look at who the FPH owner is.
This allows a malicious program to set the MFH bit and look at the
registers of another possibly sensitive process.
Version-Release number of selected component (if applicable):
2.4.21-12.EL.
How reproducible:
Run N (= number of CPUs) copies of the program secret and one copy of
the program check.
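
The check described in the report, as an added example that is not part of the original report and is not kernel code: a simplified user-space model of a lazy FPH switch-out path, comparing a save decision based on psr.mfh alone with one that also checks the FPH owner. The struct layout, the function names and the value 1234.5 are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define FPH_REGS 96                /* f32..f127, the high FP partition */

struct task {
    bool   psr_mfh;                /* "modified FPH" bit, settable by the task */
    bool   fph_valid;              /* saved_fph holds state to reload later */
    double saved_fph[FPH_REGS];
};

struct cpu {
    double       fph[FPH_REGS];    /* physical registers */
    struct task *fph_owner;        /* task whose values are in fph[] */
};

/* Switch-out path of the model. check_owner=false is the reported behaviour:
 * the save is driven by psr.mfh alone. check_owner=true also requires that
 * the outgoing task actually owns the register contents. */
static void switch_out(struct cpu *c, struct task *t, bool check_owner)
{
    if (t->psr_mfh && (!check_owner || c->fph_owner == t)) {
        memcpy(t->saved_fph, c->fph, sizeof c->fph);
        t->fph_valid = true;
    }
    t->psr_mfh = false;
}

/* Returns true if the second task ends up holding the first task's value. */
static bool leaks(bool check_owner)
{
    struct cpu c = {0};
    struct task secret = {0}, check = {0};

    /* "secret" writes f32: it becomes FPH owner and mfh is set for it. */
    c.fph[0] = 1234.5; c.fph_owner = &secret; secret.psr_mfh = true;
    switch_out(&c, &secret, check_owner);

    /* Lazy switching leaves the registers in place for the next task.
     * "check" sets mfh without ever writing an FPH register. */
    check.psr_mfh = true;
    switch_out(&c, &check, check_owner);

    return check.fph_valid && check.saved_fph[0] == 1234.5;
}

int main(void)
{
    printf("mfh only: leak=%d, mfh+owner: leak=%d\n", leaks(false), leaks(true));
    return 0;
}
```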