CVE-2008-1367
Summary
| CVE | CVE-2008-1367 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-03-17 23:44:00 UTC |
| Updated | 2023-11-07 02:01:00 UTC |
| Description | gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL. |
Risk And Classification
Problem Types: CWE-399
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| LKML: Aurelien Jarno: Linux doesn't follow x86/x86-64 ABI wrt direction flag | MLIST | lkml.org | Exploit |
| rhn.redhat.com | Red Hat Support | REDHAT | rhn.redhat.com | |
| 'x86: clear DF before calling signal handler' - MARC | MLIST | marc.info | |
| [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20 | SUSE | lists.opensuse.org | |
| SUSE update for kernel - Advisories - Secunia | SECUNIA | secunia.com | |
| rhn.redhat.com | Red Hat Support | REDHAT | www.redhat.com | |
| kernel/git/torvalds/linux.git - Linux kernel source tree | git.kernel.org | ||
| Chris Lattner - Re: [PATCH, i386]: Emit cld instruction when stringops are used | MLIST | gcc.gnu.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20 | SUSE | lists.opensuse.org | |
| 437312 – (CVE-2008-1367) CVE-2008-1367 Kernel doesn't clear DF for signal handlers | CONFIRM | bugzilla.redhat.com | |
| SUSE update for kernel - Advisories - Secunia | SECUNIA | secunia.com | |
| Red Hat update for kernel - Advisories - Secunia | SECUNIA | secunia.com | |
| VMware ESX Server update for Samba and vmnix - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| Michael Matz - Re: [PATCH, i386]: Emit cld instruction when stringops are used | MLIST | gcc.gnu.org | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Red Hat update for kernel - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20 | SUSE | lists.opensuse.org | |
| GCC 4.3.0 exposes a kernel bug [LWN.net] | MISC | lwn.net | |
| kernel/git/torvalds/linux.git - Linux kernel source tree | CONFIRM | git.kernel.org | |
| Uros Bizjak - Re: [PATCH, i386]: Emit cld instruction when stringops are used | MLIST | gcc.gnu.org | |
| [Security-announce] VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix | MLIST | lists.vmware.com | |
| rhn.redhat.com | Red Hat Support | REDHAT | www.redhat.com | |
| #469058 - Linux doesn't follow x86/x86-64 ABI wrt direction flag - Debian Bug report logs | CONFIRM | bugs.debian.org | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Red Hat update for kernel - Advisories - Secunia | SECUNIA | secunia.com | |
| SUSE update for kernel - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| Uros Bizjak - [PATCH, i386]: Emit cld instruction when stringops are used | MLIST | gcc.gnu.org | |
| Linux Kernel Direction Flag Local Memory Corruption Vulnerability | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.