CVE-2009-1192

The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.

🔗 References (62)

• secalert@redhathttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=59de2bebabc5027f93df999d59cc65df591c3e6e
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
• secalert@redhathttp://openwall.com/lists/oss-security/2009/04/22/2
• secalert@redhathttp://secunia.com/advisories/34981
• secalert@redhathttp://secunia.com/advisories/35011
• secalert@redhathttp://secunia.com/advisories/35120
• secalert@redhathttp://secunia.com/advisories/35121
• secalert@redhathttp://secunia.com/advisories/35343
• secalert@redhathttp://secunia.com/advisories/35387
• secalert@redhathttp://secunia.com/advisories/35656
• secalert@redhathttp://secunia.com/advisories/37351
• secalert@redhathttp://secunia.com/advisories/37471
• secalert@redhathttp://wiki.rpath.com/Advisories:rPSA-2009-0084