← voltar
CVE-2010-4074

CVE-2010-4074

EPSS 0.4%
The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a0846f1868b11cd827bdfeaf4527d8b1b1c0b098http://lkml.org/lkml/2010/9/15/392https://bugzilla.redhat.com/show_bug.cgi?id=648659http://secunia.com/advisories/42890http://www.debian.org/security/2010/dsa-2126http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc5http://www.openwall.com/lists/oss-security/2010/09/25/2http://www.openwall.com/lists/oss-security/2010/10/06/6http://www.openwall.com/lists/oss-security/2010/10/07/1http://www.openwall.com/lists/oss-security/2010/10/25/3http://www.redhat.com/support/errata/RHSA-2010-0958.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0007.html