Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2006-1056

Date: April 20, 2006

The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.

Severity Score

Related Resources (53)

http://www.osvdb.org/24807
http://www.novell.com/linux/security/advisories/2006-05-31.html
https://nvd.nist.gov/vuln/detail/CVE-2006-1056
http://lwn.net/Alerts/180820/
http://secunia.com/advisories/19735
http://www.securityfocus.com/archive/1/431341
http://secunia.com/advisories/21136
http://www.securityfocus.com/archive/1/451404/100/0/threaded
http://www.securityfocus.com/bid/17600
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9
http://www.vupen.com/english/advisories/2006/4353
http://www.ubuntu.com/usn/usn-302-1
http://secunia.com/advisories/21983
http://www.redhat.com/support/errata/RHSA-2006-0579.html
http://secunia.com/advisories/21465
http://secunia.com/advisories/22876
http://secunia.com/advisories/22875
http://www.redhat.com/support/errata/RHSA-2006-0437.html
http://www.vmware.com/download/esx/esx-254-200610-patch.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1056
http://kb.vmware.com/kb/2533126
http://www.vupen.com/english/advisories/2006/4502
http://securitytracker.com/id?1015966
http://www.vupen.com/english/advisories/2006/1475
http://www.securityfocus.com/archive/1/451417/100/200/threaded
http://www.redhat.com/support/errata/RHSA-2006-0575.html
http://secunia.com/advisories/19715
http://www.osvdb.org/24746
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9995
http://www.vupen.com/english/advisories/2006/1426
http://www.vmware.com/download/esx/esx-213-200610-patch.html
http://www.debian.org/security/2006/dsa-1097
http://marc.info/?l=linux-kernel&m=114548768214478&w=2
http://www.securityfocus.com/archive/1/451421/100/0/threaded
http://secunia.com/advisories/21035
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
http://www.vupen.com/english/advisories/2006/2554
http://www.debian.org/security/2006/dsa-1103
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:14.fpu.asc
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910
http://secunia.com/advisories/20716
http://secunia.com/advisories/20914
http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm
http://secunia.com/advisories/19724
http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt
http://secunia.com/advisories/20398
https://exchange.xforce.ibmcloud.com/vulnerabilities/25871
http://secunia.com/advisories/22417
http://www.securityfocus.com/archive/1/451419/100/200/threaded
http://secunia.com/advisories/20671
https://www.mend.io/vulnerability-database/CVE-2006-1056

Severity Score

Weakness Type (CWE)

Cryptographic Issues

CWE-310

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us