cvelistv5 - CVE-2002-1571

CVE-2002-1571 (GCVE-0-2002-1571)

Vulnerability from cvelistv5 – Published: 2006-01-23 22:00 – Updated: 2024-08-08 03:26

Summary

The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://search.luky.org/linux-kernel.2002/msg24003.html	mailing-listx_refsource_MLIST
	http://www.cs.helsinki.fi/linux/linux-kernel/2002…	mailing-listx_refsource_MLIST
	http://search.luky.org/linux-kernel.2002/msg24992.html	mailing-listx_refsource_MLIST
	http://www.cs.helsinki.fi/linux/linux-kernel/2002…	mailing-listx_refsource_MLIST
	http://linux.bkbits.net:8080/linux-2.4/diffs/arch…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:26:28.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[linux-kernel] 20020418 Re: SSE related security hole",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://search.luky.org/linux-kernel.2002/msg24003.html"
          },
          {
            "name": "[linux-kernel] 20020417 Re: SSE related security hole",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html"
          },
          {
            "name": "[linux-kernel] 20020422 Re: SSE related security hole",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://search.luky.org/linux-kernel.2002/msg24992.html"
          },
          {
            "name": "[linux-kernel] 20020417 SSE related security hole",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c%401.6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-04-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-15T16:36:53",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[linux-kernel] 20020418 Re: SSE related security hole",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://search.luky.org/linux-kernel.2002/msg24003.html"
        },
        {
          "name": "[linux-kernel] 20020417 Re: SSE related security hole",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html"
        },
        {
          "name": "[linux-kernel] 20020422 Re: SSE related security hole",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://search.luky.org/linux-kernel.2002/msg24992.html"
        },
        {
          "name": "[linux-kernel] 20020417 SSE related security hole",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c%401.6"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1571",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[linux-kernel] 20020418 Re: SSE related security hole",
              "refsource": "MLIST",
              "url": "http://search.luky.org/linux-kernel.2002/msg24003.html"
            },
            {
              "name": "[linux-kernel] 20020417 Re: SSE related security hole",
              "refsource": "MLIST",
              "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html"
            },
            {
              "name": "[linux-kernel] 20020422 Re: SSE related security hole",
              "refsource": "MLIST",
              "url": "http://search.luky.org/linux-kernel.2002/msg24992.html"
            },
            {
              "name": "[linux-kernel] 20020417 SSE related security hole",
              "refsource": "MLIST",
              "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html"
            },
            {
              "name": "http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c@1.6",
              "refsource": "CONFIRM",
              "url": "http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c@1.6"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1571",
    "datePublished": "2006-01-23T22:00:00",
    "dateReserved": "2003-11-26T00:00:00",
    "dateUpdated": "2024-08-08T03:26:28.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C24A129D-2E5E-436C-95DE-AE75D2E8D092\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.0:test1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E244C37-E366-482E-9173-9376D0839839\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.0:test10:*:*:*:*:*:*\", \"matchCriteriaId\": \"11F96BB9-6509-4F1E-9590-E55EE8C6F992\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.0:test11:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFAEE304-B9D4-4F1E-A2E0-9E5A4932096D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.0:test12:*:*:*:*:*:*\", \"matchCriteriaId\": \"12375EA9-EBFF-40B6-BCBC-E34BC3A6CDA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.0:test2:*:*:*:*:*:*\", \"matchCriteriaId\": \"718D4631-440E-4783-8966-B2A2D3EF89B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.0:test3:*:*:*:*:*:*\", \"matchCriteriaId\": \"6111EDDB-065F-4AD1-925C-E0A3C1DE26AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.0:test4:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8A2F7E7-0C51-43F2-BCEA-01FF738971D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.0:test5:*:*:*:*:*:*\", \"matchCriteriaId\": \"40F5FFBB-05C8-4D65-9FCF-11E67BEE86AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.0:test6:*:*:*:*:*:*\", \"matchCriteriaId\": \"7015F57A-1E3B-42D2-9D12-F695078EFB21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.0:test7:*:*:*:*:*:*\", \"matchCriteriaId\": \"467721EE-5130-46C5-BBB7-0F4878F3F171\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.0:test8:*:*:*:*:*:*\", \"matchCriteriaId\": \"171257E7-12C5-4283-88F7-FFE643995563\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.0:test9:*:*:*:*:*:*\", \"matchCriteriaId\": \"0887E02F-9F36-41F0-9F75-060B8414D7BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55B85D5B-4EA1-4FCF-8D50-9C54E8FDA92F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01408EC0-9C2D-4A44-8080-D7FC7E1A1FA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F49A384-7222-41F3-9BE1-4E18C00E50A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05520FE3-C48D-42E8-BC24-C2396BD46CBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D865FBB6-E07D-492F-A75E-168B06C8ADEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"598F24C2-0366-4799-865C-5EE4572B734B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0399660-6385-45AB-9785-E504D8788146\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCBC50EA-130C-41B7-83EA-C523B3C3AAD7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B91F6CBE-400F-4D0B-B893-34577B47A342\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1548ECFD-FCB5-4AE0-9788-42F61F25489F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6ABB9787-5497-4BDC-8952-F99CF60A89BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"615F6BA2-CD51-4159-B28A-A018CA9FC25C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"093848CB-68A1-4258-8357-373A477FE4E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E275F440-A427-465F-B314-BF0730C781DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98651D39-60CF-409F-8276-DBBB56B972AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"067B8E09-C923-4DDA-92DB-4A2892CB526A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EBE3738-E530-4EC6-9FC6-1A063605BE05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"474384F1-FB2D-4C00-A4CD-0C2C5AE42DB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.18:*:x86:*:*:*:*:*\", \"matchCriteriaId\": \"D77F8919-4064-4EA5-A948-76178EA21F83\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.18:pre1:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E7C423D-23DE-4C7B-A518-66F87E041925\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.18:pre2:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EA1382E-71B0-4E65-A310-716A244F4FB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.18:pre3:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC955BD8-3ABB-4FDB-B37E-B1F0C47A5E0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EBCA878-CCD0-4645-ACF6-12FB9C4B4A4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.18:pre5:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4BEF62D-2BEF-4CF8-9559-8A6D9631B0EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.18:pre6:*:*:*:*:*:*\", \"matchCriteriaId\": \"824BBD31-8F3B-4F05-981B-ABF662BBF5F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.18:pre7:*:*:*:*:*:*\", \"matchCriteriaId\": \"10F4CCC2-8AE5-4CFF-8DC4-126F02126E1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.18:pre8:*:*:*:*:*:*\", \"matchCriteriaId\": \"388A5C99-1F60-4C20-9AE5-6E73E5A3F819\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F677E992-8D37-438F-97DF-9D98B28F020C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.19:pre1:*:*:*:*:*:*\", \"matchCriteriaId\": \"5888F8D7-15C2-4435-BB3C-8674DFAF0089\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.19:pre2:*:*:*:*:*:*\", \"matchCriteriaId\": \"29439AD0-EB8D-4675-A77A-6548FF27ADA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.19:pre3:*:*:*:*:*:*\", \"matchCriteriaId\": \"F27AADF6-1605-47FC-8C4D-87827A578A90\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.19:pre4:*:*:*:*:*:*\", \"matchCriteriaId\": \"B42F4080-A76F-4D17-85E2-CD2D2E4D0450\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.19:pre5:*:*:*:*:*:*\", \"matchCriteriaId\": \"6968EF1D-7CC5-430D-866D-206F66486F63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.4.19:pre6:*:*:*:*:*:*\", \"matchCriteriaId\": \"50E6F5C5-BF74-4C10-830A-F232D528D290\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.\"}]",
      "id": "CVE-2002-1571",
      "lastModified": "2024-11-20T23:41:37.277",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2002-12-31T05:00:00.000",
      "references": "[{\"url\": \"http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c%401.6\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://search.luky.org/linux-kernel.2002/msg24003.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://search.luky.org/linux-kernel.2002/msg24992.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c%401.6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://search.luky.org/linux-kernel.2002/msg24003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://search.luky.org/linux-kernel.2002/msg24992.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2002-1571\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2002-12-31T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C24A129D-2E5E-436C-95DE-AE75D2E8D092\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.0:test1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E244C37-E366-482E-9173-9376D0839839\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.0:test10:*:*:*:*:*:*\",\"matchCriteriaId\":\"11F96BB9-6509-4F1E-9590-E55EE8C6F992\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.0:test11:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFAEE304-B9D4-4F1E-A2E0-9E5A4932096D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.0:test12:*:*:*:*:*:*\",\"matchCriteriaId\":\"12375EA9-EBFF-40B6-BCBC-E34BC3A6CDA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.0:test2:*:*:*:*:*:*\",\"matchCriteriaId\":\"718D4631-440E-4783-8966-B2A2D3EF89B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.0:test3:*:*:*:*:*:*\",\"matchCriteriaId\":\"6111EDDB-065F-4AD1-925C-E0A3C1DE26AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.0:test4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8A2F7E7-0C51-43F2-BCEA-01FF738971D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.0:test5:*:*:*:*:*:*\",\"matchCriteriaId\":\"40F5FFBB-05C8-4D65-9FCF-11E67BEE86AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.0:test6:*:*:*:*:*:*\",\"matchCriteriaId\":\"7015F57A-1E3B-42D2-9D12-F695078EFB21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.0:test7:*:*:*:*:*:*\",\"matchCriteriaId\":\"467721EE-5130-46C5-BBB7-0F4878F3F171\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.0:test8:*:*:*:*:*:*\",\"matchCriteriaId\":\"171257E7-12C5-4283-88F7-FFE643995563\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.0:test9:*:*:*:*:*:*\",\"matchCriteriaId\":\"0887E02F-9F36-41F0-9F75-060B8414D7BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55B85D5B-4EA1-4FCF-8D50-9C54E8FDA92F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01408EC0-9C2D-4A44-8080-D7FC7E1A1FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F49A384-7222-41F3-9BE1-4E18C00E50A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05520FE3-C48D-42E8-BC24-C2396BD46CBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D865FBB6-E07D-492F-A75E-168B06C8ADEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"598F24C2-0366-4799-865C-5EE4572B734B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0399660-6385-45AB-9785-E504D8788146\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCBC50EA-130C-41B7-83EA-C523B3C3AAD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B91F6CBE-400F-4D0B-B893-34577B47A342\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1548ECFD-FCB5-4AE0-9788-42F61F25489F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ABB9787-5497-4BDC-8952-F99CF60A89BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"615F6BA2-CD51-4159-B28A-A018CA9FC25C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"093848CB-68A1-4258-8357-373A477FE4E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E275F440-A427-465F-B314-BF0730C781DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98651D39-60CF-409F-8276-DBBB56B972AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"067B8E09-C923-4DDA-92DB-4A2892CB526A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EBE3738-E530-4EC6-9FC6-1A063605BE05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"474384F1-FB2D-4C00-A4CD-0C2C5AE42DB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.18:*:x86:*:*:*:*:*\",\"matchCriteriaId\":\"D77F8919-4064-4EA5-A948-76178EA21F83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.18:pre1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E7C423D-23DE-4C7B-A518-66F87E041925\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.18:pre2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EA1382E-71B0-4E65-A310-716A244F4FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.18:pre3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC955BD8-3ABB-4FDB-B37E-B1F0C47A5E0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EBCA878-CCD0-4645-ACF6-12FB9C4B4A4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.18:pre5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4BEF62D-2BEF-4CF8-9559-8A6D9631B0EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.18:pre6:*:*:*:*:*:*\",\"matchCriteriaId\":\"824BBD31-8F3B-4F05-981B-ABF662BBF5F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.18:pre7:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F4CCC2-8AE5-4CFF-8DC4-126F02126E1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.18:pre8:*:*:*:*:*:*\",\"matchCriteriaId\":\"388A5C99-1F60-4C20-9AE5-6E73E5A3F819\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F677E992-8D37-438F-97DF-9D98B28F020C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.19:pre1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5888F8D7-15C2-4435-BB3C-8674DFAF0089\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.19:pre2:*:*:*:*:*:*\",\"matchCriteriaId\":\"29439AD0-EB8D-4675-A77A-6548FF27ADA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.19:pre3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F27AADF6-1605-47FC-8C4D-87827A578A90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.19:pre4:*:*:*:*:*:*\",\"matchCriteriaId\":\"B42F4080-A76F-4D17-85E2-CD2D2E4D0450\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.19:pre5:*:*:*:*:*:*\",\"matchCriteriaId\":\"6968EF1D-7CC5-430D-866D-206F66486F63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.19:pre6:*:*:*:*:*:*\",\"matchCriteriaId\":\"50E6F5C5-BF74-4C10-830A-F232D528D290\"}]}]}],\"references\":[{\"url\":\"http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c%401.6\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://search.luky.org/linux-kernel.2002/msg24003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://search.luky.org/linux-kernel.2002/msg24992.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c%401.6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://search.luky.org/linux-kernel.2002/msg24003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://search.luky.org/linux-kernel.2002/msg24992.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-G537-Q8GC-5484

Vulnerability from github – Published: 2022-04-30 18:21 – Updated: 2025-04-03 03:49

Details

The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2002-1571"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2002-12-31T05:00:00Z",
    "severity": "LOW"
  },
  "details": "The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.",
  "id": "GHSA-g537-q8gc-5484",
  "modified": "2025-04-03T03:49:43Z",
  "published": "2022-04-30T18:21:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1571"
    },
    {
      "type": "WEB",
      "url": "http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c%401.6"
    },
    {
      "type": "WEB",
      "url": "http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c@1.6"
    },
    {
      "type": "WEB",
      "url": "http://search.luky.org/linux-kernel.2002/msg24003.html"
    },
    {
      "type": "WEB",
      "url": "http://search.luky.org/linux-kernel.2002/msg24992.html"
    },
    {
      "type": "WEB",
      "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html"
    },
    {
      "type": "WEB",
      "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2002-1571

Vulnerability from fkie_nvd - Published: 2002-12-31 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.

References

	URL	Tags
	cve@mitre.org	http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c%401.6
	cve@mitre.org	http://search.luky.org/linux-kernel.2002/msg24003.html
	cve@mitre.org	http://search.luky.org/linux-kernel.2002/msg24992.html
	cve@mitre.org	http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html
	cve@mitre.org	http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html
	af854a3a-2127-422b-91ae-364da2661108	http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c%401.6
	af854a3a-2127-422b-91ae-364da2661108	http://search.luky.org/linux-kernel.2002/msg24003.html
	af854a3a-2127-422b-91ae-364da2661108	http://search.luky.org/linux-kernel.2002/msg24992.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html

Impacted products

Vendor	Product	Version
linux	linux_kernel	2.4.0
linux	linux_kernel	2.4.0
linux	linux_kernel	2.4.0
linux	linux_kernel	2.4.0
linux	linux_kernel	2.4.0
linux	linux_kernel	2.4.0
linux	linux_kernel	2.4.0
linux	linux_kernel	2.4.0
linux	linux_kernel	2.4.0
linux	linux_kernel	2.4.0
linux	linux_kernel	2.4.0
linux	linux_kernel	2.4.0
linux	linux_kernel	2.4.0
linux	linux_kernel	2.4.1
linux	linux_kernel	2.4.2
linux	linux_kernel	2.4.3
linux	linux_kernel	2.4.4
linux	linux_kernel	2.4.5
linux	linux_kernel	2.4.6
linux	linux_kernel	2.4.7
linux	linux_kernel	2.4.8
linux	linux_kernel	2.4.9
linux	linux_kernel	2.4.10
linux	linux_kernel	2.4.11
linux	linux_kernel	2.4.12
linux	linux_kernel	2.4.13
linux	linux_kernel	2.4.14
linux	linux_kernel	2.4.15
linux	linux_kernel	2.4.16
linux	linux_kernel	2.4.17
linux	linux_kernel	2.4.18
linux	linux_kernel	2.4.18
linux	linux_kernel	2.4.18
linux	linux_kernel	2.4.18
linux	linux_kernel	2.4.18
linux	linux_kernel	2.4.18
linux	linux_kernel	2.4.18
linux	linux_kernel	2.4.18
linux	linux_kernel	2.4.18
linux	linux_kernel	2.4.18
linux	linux_kernel	2.4.19
linux	linux_kernel	2.4.19
linux	linux_kernel	2.4.19
linux	linux_kernel	2.4.19
linux	linux_kernel	2.4.19
linux	linux_kernel	2.4.19
linux	linux_kernel	2.4.19

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24A129D-2E5E-436C-95DE-AE75D2E8D092",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:test1:*:*:*:*:*:*",
              "matchCriteriaId": "2E244C37-E366-482E-9173-9376D0839839",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:test10:*:*:*:*:*:*",
              "matchCriteriaId": "11F96BB9-6509-4F1E-9590-E55EE8C6F992",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:test11:*:*:*:*:*:*",
              "matchCriteriaId": "AFAEE304-B9D4-4F1E-A2E0-9E5A4932096D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:test12:*:*:*:*:*:*",
              "matchCriteriaId": "12375EA9-EBFF-40B6-BCBC-E34BC3A6CDA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:test2:*:*:*:*:*:*",
              "matchCriteriaId": "718D4631-440E-4783-8966-B2A2D3EF89B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:test3:*:*:*:*:*:*",
              "matchCriteriaId": "6111EDDB-065F-4AD1-925C-E0A3C1DE26AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:test4:*:*:*:*:*:*",
              "matchCriteriaId": "A8A2F7E7-0C51-43F2-BCEA-01FF738971D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:test5:*:*:*:*:*:*",
              "matchCriteriaId": "40F5FFBB-05C8-4D65-9FCF-11E67BEE86AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:test6:*:*:*:*:*:*",
              "matchCriteriaId": "7015F57A-1E3B-42D2-9D12-F695078EFB21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:test7:*:*:*:*:*:*",
              "matchCriteriaId": "467721EE-5130-46C5-BBB7-0F4878F3F171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:test8:*:*:*:*:*:*",
              "matchCriteriaId": "171257E7-12C5-4283-88F7-FFE643995563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:test9:*:*:*:*:*:*",
              "matchCriteriaId": "0887E02F-9F36-41F0-9F75-060B8414D7BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B85D5B-4EA1-4FCF-8D50-9C54E8FDA92F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01408EC0-9C2D-4A44-8080-D7FC7E1A1FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F49A384-7222-41F3-9BE1-4E18C00E50A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "05520FE3-C48D-42E8-BC24-C2396BD46CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D865FBB6-E07D-492F-A75E-168B06C8ADEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "598F24C2-0366-4799-865C-5EE4572B734B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0399660-6385-45AB-9785-E504D8788146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCBC50EA-130C-41B7-83EA-C523B3C3AAD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B91F6CBE-400F-4D0B-B893-34577B47A342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1548ECFD-FCB5-4AE0-9788-42F61F25489F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ABB9787-5497-4BDC-8952-F99CF60A89BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "615F6BA2-CD51-4159-B28A-A018CA9FC25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "093848CB-68A1-4258-8357-373A477FE4E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E275F440-A427-465F-B314-BF0730C781DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "98651D39-60CF-409F-8276-DBBB56B972AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "067B8E09-C923-4DDA-92DB-4A2892CB526A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EBE3738-E530-4EC6-9FC6-1A063605BE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "474384F1-FB2D-4C00-A4CD-0C2C5AE42DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.18:*:x86:*:*:*:*:*",
              "matchCriteriaId": "D77F8919-4064-4EA5-A948-76178EA21F83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.18:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "5E7C423D-23DE-4C7B-A518-66F87E041925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.18:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "8EA1382E-71B0-4E65-A310-716A244F4FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.18:pre3:*:*:*:*:*:*",
              "matchCriteriaId": "AC955BD8-3ABB-4FDB-B37E-B1F0C47A5E0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*",
              "matchCriteriaId": "2EBCA878-CCD0-4645-ACF6-12FB9C4B4A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.18:pre5:*:*:*:*:*:*",
              "matchCriteriaId": "B4BEF62D-2BEF-4CF8-9559-8A6D9631B0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.18:pre6:*:*:*:*:*:*",
              "matchCriteriaId": "824BBD31-8F3B-4F05-981B-ABF662BBF5F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.18:pre7:*:*:*:*:*:*",
              "matchCriteriaId": "10F4CCC2-8AE5-4CFF-8DC4-126F02126E1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.18:pre8:*:*:*:*:*:*",
              "matchCriteriaId": "388A5C99-1F60-4C20-9AE5-6E73E5A3F819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "F677E992-8D37-438F-97DF-9D98B28F020C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.19:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "5888F8D7-15C2-4435-BB3C-8674DFAF0089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.19:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "29439AD0-EB8D-4675-A77A-6548FF27ADA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.19:pre3:*:*:*:*:*:*",
              "matchCriteriaId": "F27AADF6-1605-47FC-8C4D-87827A578A90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.19:pre4:*:*:*:*:*:*",
              "matchCriteriaId": "B42F4080-A76F-4D17-85E2-CD2D2E4D0450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.19:pre5:*:*:*:*:*:*",
              "matchCriteriaId": "6968EF1D-7CC5-430D-866D-206F66486F63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.19:pre6:*:*:*:*:*:*",
              "matchCriteriaId": "50E6F5C5-BF74-4C10-830A-F232D528D290",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers."
    }
  ],
  "id": "CVE-2002-1571",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c%401.6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://search.luky.org/linux-kernel.2002/msg24003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://search.luky.org/linux-kernel.2002/msg24992.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c%401.6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://search.luky.org/linux-kernel.2002/msg24003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://search.luky.org/linux-kernel.2002/msg24992.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

RHSA-2002_128

Vulnerability from csaf_redhat - Published: 2002-07-16 15:57 - Updated: 2024-11-21 22:24

Summary

Red Hat Security Advisory: Updated kernel with information security fixes, bug fixes, and updated drivers

Notes

Topic

This kernel update is available for Red Hat Linux Advanced Server 2.1. It includes a fix for an information security bug, various kernel bug fixes, and updated device drivers. [2002-07-29] This release is a rebuild for adding exported symbols for Veritas.

Details

This kernel fixes an information security bug. When running enterprise kernels previous to version 2.4.9-e.8, information in the Intel SSE XMM registers could "leak" between processes under certain circumstances. This update also includes fixes for the following bugs: - Creation of an Oracle SGA greater than 8 GB on 16 GB or greater machine when using bigpages and shmfs - Sendmail running out of flocks - Unreliable rebooting with the "reboot=bios" boot option - Potential memory corruption on systems with more than 4 GB - An AIO write deadlock - IOAPIC warnings on one platform - Potentially miscompiled code in xor.h (though kernel engineering research does not indicate that our compiler miscompiles this code) This kernel also has extra exported symbols removed. This new kernel also includes several updated device drivers. The aic7xxx_mod driver has been updated to a new version, fixing several bugs, the tg3 driver has also been updated to a new version to fix various bugs, and the qla2300 driver has some small bug fixes and has been updated to work with the QLogic 2340 HBA and PowerVault 660F arrays. Additions to the SCSI LUNs "white list" have also been made to support more fibre channel arrays. [2002-07-29] This new kernel is a rebuild for adding exported symbols for Veritas.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "This kernel update is available for Red Hat Linux Advanced Server 2.1.\n\nIt includes a fix for an information security bug, various kernel bug\nfixes, and updated device drivers.\n\n[2002-07-29] This release is a rebuild for adding exported symbols for Veritas.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This kernel fixes an information security bug. When running enterprise\nkernels previous to version 2.4.9-e.8, information in the Intel SSE XMM\nregisters could \"leak\" between processes under certain circumstances.\n\nThis update also includes fixes for the following bugs:\n\n- Creation of an Oracle SGA greater than 8 GB on 16 GB or greater machine\n  when using bigpages and shmfs \n- Sendmail running out of flocks\n- Unreliable rebooting with the \"reboot=bios\" boot option\n- Potential memory corruption on systems with more than 4 GB \n- An AIO write deadlock \n- IOAPIC warnings on one platform \n- Potentially miscompiled code in xor.h (though kernel engineering\n  research does not indicate that our compiler miscompiles this code)\n\nThis kernel also has extra exported symbols removed.\n\nThis new kernel also includes several updated device drivers. The\naic7xxx_mod driver has been updated to a new version, fixing several\nbugs, the tg3 driver has also been updated to a new version to fix various\nbugs, and the qla2300 driver has some small bug fixes and has been updated\nto work with the QLogic 2340 HBA and PowerVault 660F arrays.  Additions to\nthe SCSI LUNs \"white list\" have also been made to support more fibre\nchannel arrays.\n\n[2002-07-29] This new kernel is a rebuild for adding exported symbols for\nVeritas.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:128",
        "url": "https://access.redhat.com/errata/RHSA-2002:128"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "59894",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=59894"
      },
      {
        "category": "external",
        "summary": "60903",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=60903"
      },
      {
        "category": "external",
        "summary": "60944",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=60944"
      },
      {
        "category": "external",
        "summary": "61579",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=61579"
      },
      {
        "category": "external",
        "summary": "64394",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=64394"
      },
      {
        "category": "external",
        "summary": "66535",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=66535"
      },
      {
        "category": "external",
        "summary": "66966",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=66966"
      },
      {
        "category": "external",
        "summary": "67167",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=67167"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_128.json"
      }
    ],
    "title": "Red Hat Security Advisory: Updated kernel with information security fixes, bug fixes, and updated drivers",
    "tracking": {
      "current_release_date": "2024-11-21T22:24:30+00:00",
      "generator": {
        "date": "2024-11-21T22:24:30+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2002:128",
      "initial_release_date": "2002-07-16T15:57:00+00:00",
      "revision_history": [
        {
          "date": "2002-07-16T15:57:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-06-25T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:24:30+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Advanced Server"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-1571",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616925"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-1571"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616925",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616925"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-1571",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-1571"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1571",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1571"
        }
      ],
      "release_date": "2002-04-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-07-16T15:57:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThe procedure for upgrading the kernel manually is documented at\nhttp://www.redhat.com/support/docs/howto/kernel-upgrade/\nPlease read the directions for your architecture carefully before\nproceeding with the kernel upgrade.\n\nPlease note that this update is available via Red Hat Network.  To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:128"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2002:128

Vulnerability from csaf_redhat - Published: 2002-07-16 15:57 - Updated: 2025-11-21 17:24

Summary

Red Hat Security Advisory: Updated kernel with information security fixes, bug fixes, and updated drivers

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "This kernel update is available for Red Hat Linux Advanced Server 2.1.\n\nIt includes a fix for an information security bug, various kernel bug\nfixes, and updated device drivers.\n\n[2002-07-29] This release is a rebuild for adding exported symbols for Veritas.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This kernel fixes an information security bug. When running enterprise\nkernels previous to version 2.4.9-e.8, information in the Intel SSE XMM\nregisters could \"leak\" between processes under certain circumstances.\n\nThis update also includes fixes for the following bugs:\n\n- Creation of an Oracle SGA greater than 8 GB on 16 GB or greater machine\n  when using bigpages and shmfs \n- Sendmail running out of flocks\n- Unreliable rebooting with the \"reboot=bios\" boot option\n- Potential memory corruption on systems with more than 4 GB \n- An AIO write deadlock \n- IOAPIC warnings on one platform \n- Potentially miscompiled code in xor.h (though kernel engineering\n  research does not indicate that our compiler miscompiles this code)\n\nThis kernel also has extra exported symbols removed.\n\nThis new kernel also includes several updated device drivers. The\naic7xxx_mod driver has been updated to a new version, fixing several\nbugs, the tg3 driver has also been updated to a new version to fix various\nbugs, and the qla2300 driver has some small bug fixes and has been updated\nto work with the QLogic 2340 HBA and PowerVault 660F arrays.  Additions to\nthe SCSI LUNs \"white list\" have also been made to support more fibre\nchannel arrays.\n\n[2002-07-29] This new kernel is a rebuild for adding exported symbols for\nVeritas.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:128",
        "url": "https://access.redhat.com/errata/RHSA-2002:128"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "59894",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=59894"
      },
      {
        "category": "external",
        "summary": "60903",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=60903"
      },
      {
        "category": "external",
        "summary": "60944",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=60944"
      },
      {
        "category": "external",
        "summary": "61579",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=61579"
      },
      {
        "category": "external",
        "summary": "64394",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=64394"
      },
      {
        "category": "external",
        "summary": "66535",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=66535"
      },
      {
        "category": "external",
        "summary": "66966",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=66966"
      },
      {
        "category": "external",
        "summary": "67167",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=67167"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_128.json"
      }
    ],
    "title": "Red Hat Security Advisory: Updated kernel with information security fixes, bug fixes, and updated drivers",
    "tracking": {
      "current_release_date": "2025-11-21T17:24:52+00:00",
      "generator": {
        "date": "2025-11-21T17:24:52+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2002:128",
      "initial_release_date": "2002-07-16T15:57:00+00:00",
      "revision_history": [
        {
          "date": "2002-07-16T15:57:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-06-25T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:24:52+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Advanced Server"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-1571",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616925"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-1571"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616925",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616925"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-1571",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-1571"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1571",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1571"
        }
      ],
      "release_date": "2002-04-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-07-16T15:57:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThe procedure for upgrading the kernel manually is documented at\nhttp://www.redhat.com/support/docs/howto/kernel-upgrade/\nPlease read the directions for your architecture carefully before\nproceeding with the kernel upgrade.\n\nPlease note that this update is available via Red Hat Network.  To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:128"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    }
  ]
}

GSD-2002-1571

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.

Aliases

CVE-2002-1571

Aliases

CVE-2002-1571

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2002-1571",
    "description": "The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.",
    "id": "GSD-2002-1571",
    "references": [
      "https://access.redhat.com/errata/RHSA-2002:128"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2002-1571"
      ],
      "details": "The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.",
      "id": "GSD-2002-1571",
      "modified": "2023-12-13T01:24:09.877586Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2002-1571",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[linux-kernel] 20020418 Re: SSE related security hole",
            "refsource": "MLIST",
            "url": "http://search.luky.org/linux-kernel.2002/msg24003.html"
          },
          {
            "name": "[linux-kernel] 20020417 Re: SSE related security hole",
            "refsource": "MLIST",
            "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html"
          },
          {
            "name": "[linux-kernel] 20020422 Re: SSE related security hole",
            "refsource": "MLIST",
            "url": "http://search.luky.org/linux-kernel.2002/msg24992.html"
          },
          {
            "name": "[linux-kernel] 20020417 SSE related security hole",
            "refsource": "MLIST",
            "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html"
          },
          {
            "name": "http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c@1.6",
            "refsource": "CONFIRM",
            "url": "http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c@1.6"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:test8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:test9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.18:pre5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.18:pre6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.18:pre7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.18:pre8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:test11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:test12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:test2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:test3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.18:*:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.19:pre4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.19:pre5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.19:pre6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:test10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:test4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:test6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.18:pre2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.19:pre2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:test1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:test5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:test7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.18:pre1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.18:pre3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.19:pre1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.19:pre3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1571"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[linux-kernel] 20020417 SSE related security hole",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html"
            },
            {
              "name": "[linux-kernel] 20020417 Re: SSE related security hole",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html"
            },
            {
              "name": "[linux-kernel] 20020418 Re: SSE related security hole",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://search.luky.org/linux-kernel.2002/msg24003.html"
            },
            {
              "name": "[linux-kernel] 20020422 Re: SSE related security hole",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://search.luky.org/linux-kernel.2002/msg24992.html"
            },
            {
              "name": "http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c@1.6",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c@1.6"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2008-09-05T20:30Z",
      "publishedDate": "2002-12-31T05:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2002-1571 (GCVE-0-2002-1571)

GHSA-G537-Q8GC-5484

FKIE_CVE-2002-1571

RHSA-2002_128

RHSA-2002:128

GSD-2002-1571

Tags

Sightings

Nomenclature