Lucene search

[email protected]CVE-2010-4076

HistoryNov 29, 2010 - 4:00 p.m.

CVE-2010-4076

2010-11-2916:00:00

CWE-200

[email protected]

web.nvd.nist.gov

linux kernel

rs_ioctl

cve-2010-4076

information security

ioctl call

nvd

6.6 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle2.6.36.1

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	2.6.36.1

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d281da7ff6f70efca0553c288bb883e8605b3862

lkml.org/lkml/2010/9/15/389

www.openwall.com/lists/oss-security/2010/09/25/2

www.openwall.com/lists/oss-security/2010/10/06/6

www.openwall.com/lists/oss-security/2010/10/07/1

www.openwall.com/lists/oss-security/2010/10/25/3

bugzilla.redhat.com/show_bug.cgi?id=648661

6.6 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2010-4076

ubuntucve1 prion1 openvas28 nessus20 ubuntu10 securityvulns2 suse4 packetstorm1