Missing release of memory after effective lifetime in Linux kernel - CVE-2003-0984

Detailed vulnerability description

The vulnerability allows a local user to read and manipulate data.

Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.

How to mitigate CVE-2003-0984

Sources

• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
• http://marc.info/?l=bugtraq&m=107394143105081&w=2
• http://secunia.com/advisories/10533
• http://secunia.com/advisories/10536
• http://secunia.com/advisories/10537
• http://secunia.com/advisories/10538
• http://secunia.com/advisories/10555
• http://secunia.com/advisories/10582
• http://secunia.com/advisories/10583
• http://secunia.com/advisories/20162
• http://secunia.com/advisories/20163
• http://secunia.com/advisories/20202
• http://secunia.com/advisories/20338
• http://www.debian.org/security/2006/dsa-1067
• http://www.debian.org/security/2006/dsa-1069
• http://www.debian.org/security/2006/dsa-1070
• http://www.debian.org/security/2006/dsa-1082
• http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
• http://www.mandriva.com/security/advisories?name=MDKSA-2004:001
• http://www.novell.com/linux/security/advisories/2003_049_kernel.html
• http://www.osvdb.org/3317
• http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00000.html
• http://www.redhat.com/support/errata/RHSA-2003-417.html
• http://www.redhat.com/support/errata/RHSA-2004-188.html
• http://www.securityfocus.com/bid/9154
• http://www.securitytracker.com/id?1008594
• https://exchange.xforce.ibmcloud.com/vulnerabilities/13943
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1013
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A859
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9406