CVE-2006-1056 (CNNVD-200604-336)

LOW
中文标题:
多家厂商AMD CPU本地FPU信息泄露漏洞
英文标题:
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th...
CVSS分数: 2.1
发布时间: 2006-04-20 10:00:00
漏洞类型: 加密问题
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

AMD是全球领先的微处理器解决方案供应商,提供各种微处理器解决方案。 在AMD所生产的第7代和第8代处理器上,除非将x87状态字中的异常摘要(ES)位设置为1,否则fxsave和fxrstor指令不会保存FOP、FIP和FDP寄存器指示出现了无掩码x87异常。 这种行为与AMD提供的文档所述是一致的,但与其他厂商的处理器不一致。其他厂商的处理器无论ES位设置为何值都会保存FOP、FIP和FDP寄存器。由于这种差异,在环境切换时无法恢复FOP、FIP和FDP寄存器的内容。 在受影响的处理器上,本地攻击者可以监控使用浮点运算进程的执行路径。这可能允许攻击者窃取加密密钥或其他敏感信息。

英文描述:

The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.

CWE类型:
CWE-310
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
freebsd freebsd * - - cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
linux linux_kernel * - - cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel 2.6.0 - - cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*
linux linux_kernel 2.6.1 - - cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*
linux linux_kernel 2.6.2 - - cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*
linux linux_kernel 2.6.3 - - cpe:2.3:o:linux:linux_kernel:2.6.3:*:*:*:*:*:*:*
linux linux_kernel 2.6.4 - - cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*
linux linux_kernel 2.6.5 - - cpe:2.3:o:linux:linux_kernel:2.6.5:*:*:*:*:*:*:*
linux linux_kernel 2.6.6 - - cpe:2.3:o:linux:linux_kernel:2.6.6:*:*:*:*:*:*:*
linux linux_kernel 2.6.7 - - cpe:2.3:o:linux:linux_kernel:2.6.7:*:*:*:*:*:*:*
linux linux_kernel 2.6.8 - - cpe:2.3:o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*
linux linux_kernel 2.6.9 - - cpe:2.3:o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*
linux linux_kernel 2.6.10 - - cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*
linux linux_kernel 2.6.11 - - cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*
linux linux_kernel 2.6.11.1 - - cpe:2.3:o:linux:linux_kernel:2.6.11.1:*:*:*:*:*:*:*
linux linux_kernel 2.6.11.2 - - cpe:2.3:o:linux:linux_kernel:2.6.11.2:*:*:*:*:*:*:*
linux linux_kernel 2.6.11.3 - - cpe:2.3:o:linux:linux_kernel:2.6.11.3:*:*:*:*:*:*:*
linux linux_kernel 2.6.11.4 - - cpe:2.3:o:linux:linux_kernel:2.6.11.4:*:*:*:*:*:*:*
linux linux_kernel 2.6.11.5 - - cpe:2.3:o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*
linux linux_kernel 2.6.11.6 - - cpe:2.3:o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*
linux linux_kernel 2.6.11.7 - - cpe:2.3:o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*
linux linux_kernel 2.6.11.8 - - cpe:2.3:o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*
linux linux_kernel 2.6.11.9 - - cpe:2.3:o:linux:linux_kernel:2.6.11.9:*:*:*:*:*:*:*
linux linux_kernel 2.6.11.10 - - cpe:2.3:o:linux:linux_kernel:2.6.11.10:*:*:*:*:*:*:*
linux linux_kernel 2.6.11.11 - - cpe:2.3:o:linux:linux_kernel:2.6.11.11:*:*:*:*:*:*:*
linux linux_kernel 2.6.11.12 - - cpe:2.3:o:linux:linux_kernel:2.6.11.12:*:*:*:*:*:*:*
linux linux_kernel 2.6.12 - - cpe:2.3:o:linux:linux_kernel:2.6.12:rc1:*:*:*:*:*:*
linux linux_kernel 2.6.12.1 - - cpe:2.3:o:linux:linux_kernel:2.6.12.1:*:*:*:*:*:*:*
linux linux_kernel 2.6.12.2 - - cpe:2.3:o:linux:linux_kernel:2.6.12.2:*:*:*:*:*:*:*
linux linux_kernel 2.6.12.3 - - cpe:2.3:o:linux:linux_kernel:2.6.12.3:*:*:*:*:*:*:*
linux linux_kernel 2.6.12.4 - - cpe:2.3:o:linux:linux_kernel:2.6.12.4:*:*:*:*:*:*:*
linux linux_kernel 2.6.12.5 - - cpe:2.3:o:linux:linux_kernel:2.6.12.5:*:*:*:*:*:*:*
linux linux_kernel 2.6.12.6 - - cpe:2.3:o:linux:linux_kernel:2.6.12.6:*:*:*:*:*:*:*
linux linux_kernel 2.6.13 - - cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*
linux linux_kernel 2.6.13.1 - - cpe:2.3:o:linux:linux_kernel:2.6.13.1:*:*:*:*:*:*:*
linux linux_kernel 2.6.13.2 - - cpe:2.3:o:linux:linux_kernel:2.6.13.2:*:*:*:*:*:*:*
linux linux_kernel 2.6.13.3 - - cpe:2.3:o:linux:linux_kernel:2.6.13.3:*:*:*:*:*:*:*
linux linux_kernel 2.6.13.4 - - cpe:2.3:o:linux:linux_kernel:2.6.13.4:*:*:*:*:*:*:*
linux linux_kernel 2.6.14 - - cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*
linux linux_kernel 2.6.14.1 - - cpe:2.3:o:linux:linux_kernel:2.6.14.1:*:*:*:*:*:*:*
linux linux_kernel 2.6.14.2 - - cpe:2.3:o:linux:linux_kernel:2.6.14.2:*:*:*:*:*:*:*
linux linux_kernel 2.6.14.3 - - cpe:2.3:o:linux:linux_kernel:2.6.14.3:*:*:*:*:*:*:*
linux linux_kernel 2.6.14.4 - - cpe:2.3:o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*
linux linux_kernel 2.6.14.5 - - cpe:2.3:o:linux:linux_kernel:2.6.14.5:*:*:*:*:*:*:*
linux linux_kernel 2.6.14.6 - - cpe:2.3:o:linux:linux_kernel:2.6.14.6:*:*:*:*:*:*:*
linux linux_kernel 2.6.14.7 - - cpe:2.3:o:linux:linux_kernel:2.6.14.7:*:*:*:*:*:*:*
linux linux_kernel 2.6.15 - - cpe:2.3:o:linux:linux_kernel:2.6.15:*:*:*:*:*:*:*
linux linux_kernel 2.6.15.1 - - cpe:2.3:o:linux:linux_kernel:2.6.15.1:*:*:*:*:*:*:*
linux linux_kernel 2.6.15.2 - - cpe:2.3:o:linux:linux_kernel:2.6.15.2:*:*:*:*:*:*:*
linux linux_kernel 2.6.15.3 - - cpe:2.3:o:linux:linux_kernel:2.6.15.3:*:*:*:*:*:*:*
linux linux_kernel 2.6.15.4 - - cpe:2.3:o:linux:linux_kernel:2.6.15.4:*:*:*:*:*:*:*
linux linux_kernel 2.6.15.5 - - cpe:2.3:o:linux:linux_kernel:2.6.15.5:*:*:*:*:*:*:*
linux linux_kernel 2.6.15.6 - - cpe:2.3:o:linux:linux_kernel:2.6.15.6:*:*:*:*:*:*:*
linux linux_kernel 2.6.15.7 - - cpe:2.3:o:linux:linux_kernel:2.6.15.7:*:*:*:*:*:*:*
linux linux_kernel 2.6.16 - - cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*
linux linux_kernel 2.6.16.1 - - cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*
linux linux_kernel 2.6.16.2 - - cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*
linux linux_kernel 2.6.16.3 - - cpe:2.3:o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*
linux linux_kernel 2.6.16.4 - - cpe:2.3:o:linux:linux_kernel:2.6.16.4:*:*:*:*:*:*:*
linux linux_kernel 2.6.16.5 - - cpe:2.3:o:linux:linux_kernel:2.6.16.5:*:*:*:*:*:*:*
linux linux_kernel 2.6.16.6 - - cpe:2.3:o:linux:linux_kernel:2.6.16.6:*:*:*:*:*:*:*
linux linux_kernel 2.6.16.7 - - cpe:2.3:o:linux:linux_kernel:2.6.16.7:*:*:*:*:*:*:*
linux linux_kernel 2.6.16_rc7 - - cpe:2.3:o:linux:linux_kernel:2.6.16_rc7:*:*:*:*:*:*:*
linux linux_kernel 2.6_test9_cvs - - cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
oval:org.mitre.oval:def:9995 vdb-entry
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
RHSA-2006:0437 vendor-advisory
cve.org
访问
22876 third-party-advisory
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
19735 third-party-advisory
cve.org
访问
ADV-2006-4502 vdb-entry
cve.org
访问
ADV-2006-2554 vdb-entry
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
RHSA-2006:0579 vendor-advisory
cve.org
访问
20716 third-party-advisory
cve.org
访问
22875 third-party-advisory
cve.org
访问
FEDORA-2006-423 vendor-advisory
cve.org
访问
21136 third-party-advisory
cve.org
访问
USN-302-1 vendor-advisory
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
24746 vdb-entry
cve.org
访问
24807 vdb-entry
cve.org
访问
21983 third-party-advisory
cve.org
访问
ADV-2006-4353 vdb-entry
cve.org
访问
21035 third-party-advisory
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
DSA-1097 vendor-advisory
cve.org
访问
RHSA-2006:0575 vendor-advisory
cve.org
访问
SUSE-SA:2006:028 vendor-advisory
cve.org
访问
20061113 VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue mailing-list
cve.org
访问
ADV-2006-1426 vdb-entry
cve.org
访问
19715 third-party-advisory
cve.org
访问
1015966 vdb-entry
cve.org
访问
20060419 FreeBSD Security Advisory FreeBSD-SA-06:14.fpu mailing-list
cve.org
访问
17600 vdb-entry
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
DSA-1103 vendor-advisory
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
FreeBSD-SA-06:14 vendor-advisory
cve.org
访问
21465 third-party-advisory
cve.org
访问
SUSE-SU-2014:0446 vendor-advisory
cve.org
访问
[linux-kernel] 20060419 RE: Linux 2.6.16.9 mailing-list
cve.org
访问
ADV-2006-1475 vdb-entry
cve.org
访问
20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 mailing-list
cve.org
访问
amd-fpu-information-disclosure(25871) vdb-entry
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
20398 third-party-advisory
cve.org
访问
20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 mailing-list
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
22417 third-party-advisory
cve.org
访问
19724 third-party-advisory
cve.org
访问
20671 third-party-advisory
cve.org
访问
20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1 mailing-list
cve.org
访问
20914 third-party-advisory
cve.org
访问
CVSS评分详情
2.1
LOW
CVSS向量: AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS版本: 2.0
机密性
PARTIAL
完整性
NONE
可用性
NONE
时间信息
发布时间:
2006-04-20 10:00:00
修改时间:
2024-08-07 16:56:15
创建时间:
2025-11-11 15:32:32
更新时间:
2025-11-11 15:49:06
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2006-1056 2025-11-11 15:17:40 2025-11-11 07:32:32
NVD nvd_CVE-2006-1056 2025-11-11 14:51:48 2025-11-11 07:41:17
CNNVD cnnvd_CNNVD-200604-336 2025-11-11 15:08:51 2025-11-11 07:49:06
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 15:49:06
vulnerability_type: 未提取 → 加密问题; cnnvd_id: 未提取 → CNNVD-200604-336; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 加密问题
  • cnnvd_id: 未提取 -> CNNVD-200604-336
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:41:17
severity: SeverityLevel.MEDIUM → SeverityLevel.LOW; cvss_score: 未提取 → 2.1; cvss_vector: NOT_EXTRACTED → AV:L/AC:L/Au:N/C:P/I:N/A:N; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 64; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • severity: SeverityLevel.MEDIUM -> SeverityLevel.LOW
  • cvss_score: 未提取 -> 2.1
  • cvss_vector: NOT_EXTRACTED -> AV:L/AC:L/Au:N/C:P/I:N/A:N
  • cvss_version: NOT_EXTRACTED -> 2.0
  • affected_products_count: 0 -> 64
  • data_sources: ['cve'] -> ['cve', 'nvd']