Lucene search

[email protected]CVE-2010-4158

HistoryDec 30, 2010 - 7:00 p.m.

CVE-2010-4158

2010-12-3019:00:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2010-4158

linux kernel

net/core/filter.c

memory location

bpf_s_ld_mem

bpf_s_ldx_mem

local users

sensitive information

kernel stack memory

crafted socket filter

nvd

5.5 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.6%

JSON

The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt2.6.36.2
fedoraproject:fedorafedoraproject fedoraeq13
suse:linux_enterprise_serversuse linux enterprise servereq10
suse:linux_enterprise_desktopsuse linux enterprise desktopeq11
suse:linux_enterprise_serversuse linux enterprise servereq11
suse:linux_enterprise_serversuse linux enterprise servereq9
opensuse:opensuseopensuseeq11.2
opensuse:opensuseopensuseeq11.3
suse:linux_enterprise_desktopsuse linux enterprise desktopeq10
suse:linux_enterprise_software_development_kitsuse linux enterprise software development kiteq10

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	2.6.36.2
fedoraproject:fedora	fedoraproject fedora	eq	13
suse:linux_enterprise_server	suse linux enterprise server	eq	10
suse:linux_enterprise_desktop	suse linux enterprise desktop	eq	11
suse:linux_enterprise_server	suse linux enterprise server	eq	11
suse:linux_enterprise_server	suse linux enterprise server	eq	9
opensuse:opensuse	opensuse	eq	11.2
opensuse:opensuse	opensuse	eq	11.3
suse:linux_enterprise_desktop	suse linux enterprise desktop	eq	10
suse:linux_enterprise_software_development_kit	suse linux enterprise software development kit	eq	10

Rows per page:

1-10 of 111

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=57fe93b374a6b8711995c2d466c502af9f3a08bb

lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html

lists.grok.org.uk/pipermail/full-disclosure/2010-November/077321.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html

lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html

secunia.com/advisories/42745

secunia.com/advisories/42778

secunia.com/advisories/42801

secunia.com/advisories/42884

secunia.com/advisories/42890

secunia.com/advisories/42932

secunia.com/advisories/42963

secunia.com/advisories/43291

secunia.com/advisories/46397

www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2

www.mandriva.com/security/advisories?name=MDVSA-2011:029

www.redhat.com/support/errata/RHSA-2010-0958.html

www.redhat.com/support/errata/RHSA-2011-0007.html

www.redhat.com/support/errata/RHSA-2011-0017.html

www.redhat.com/support/errata/RHSA-2011-0162.html

www.securityfocus.com/archive/1/514705

www.securityfocus.com/archive/1/514845

www.securityfocus.com/archive/1/520102/100/0/threaded

www.securityfocus.com/bid/44758

www.spinics.net/lists/netdev/msg146361.html

www.vmware.com/security/advisories/VMSA-2011-0012.html

www.vupen.com/english/advisories/2010/3321

www.vupen.com/english/advisories/2011/0012

www.vupen.com/english/advisories/2011/0124

www.vupen.com/english/advisories/2011/0168

www.vupen.com/english/advisories/2011/0298

www.vupen.com/english/advisories/2011/0375

bugzilla.redhat.com/show_bug.cgi?id=651698

5.5 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.6%

JSON

Related for CVE-2010-4158

seebug1 ubuntucve2 prion2 veracode1 cve1 ubuntu9 openvas47 nessus32 securityvulns4 centos1 redhat4 oraclelinux4 suse6 debian1 osv1 fedora3 vmware2