CVE-2008-3901

EUVD-2008-3887
Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
suspend2software_suspend_2
2-2.2.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
dapper
dne
feisty
dne
gutsy
dne
hardy
ignored
linux-source-2.6.15
dapper
ignored
feisty
dne
gutsy
dne
hardy
dne
linux-source-2.6.20
dapper
dne
feisty
ignored
gutsy
dne
hardy
dne
linux-source-2.6.22
dapper
dne
feisty
dne
gutsy
ignored
hardy
dne
Common Weakness Enumeration
References
http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf
http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf