gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
gcc.gnu.org/ml/gcc-patches/2008-03/msg00417.html
gcc.gnu.org/ml/gcc-patches/2008-03/msg00428.html
gcc.gnu.org/ml/gcc-patches/2008-03/msg00432.html
gcc.gnu.org/ml/gcc-patches/2008-03/msg00499.html
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51
lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html
lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
lists.vmware.com/pipermail/security-announce/2008/000023.html
lkml.org/lkml/2008/3/5/207
lwn.net/Articles/272048/
rhn.redhat.com/errata/RHSA-2008-0508.html
secunia.com/advisories/30110
secunia.com/advisories/30116
secunia.com/advisories/30818
secunia.com/advisories/30850
secunia.com/advisories/30890
secunia.com/advisories/30962
secunia.com/advisories/31246
www.redhat.com/support/errata/RHSA-2008-0211.html
www.redhat.com/support/errata/RHSA-2008-0233.html
www.securityfocus.com/bid/29084
www.vupen.com/english/advisories/2008/2222/references
bugzilla.redhat.com/show_bug.cgi?id=437312
exchange.xforce.ibmcloud.com/vulnerabilities/41340
marc.info/?l=git-commits-head&m=120492000901739&w=2
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11108