CVE-2010-3877

The CVE-2010-3877 issue affects the Linux kernel (as cited in MiracleLinux AXSA:2011-143:02 and related advisories) where get_name in net/tipc/socket.c does not initialize a structure, enabling local attackers to read uninitialized kernel stack memory and leak information. Impact is a local infor...

PT-2011-1445 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.37-rc2 Description: The issue concerns the ax25 getname function in the Linux kernel, which fails to initialize a certain structure. This allows local users to potentially obtain sensitive information from...

CVE-2010-3875

The ax25getname function in net/ax25/afax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure...

PT-2011-1106 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.37-rc2 kernel-devel-2.6.9 kernel-doc-2.6.9 kernel-hugemem-2.6.9 kernel-2.6.9 kernel-largesmp-2.6.9 kernel-smp-devel-2.6.9 kernel-smp-2.6.9 kernel-hugemem-devel-2.6.9 kernel-largesmp-devel-2.6.9...

CVE-2010-4158

The CVE-2010-4158 issue affects the Linux kernel (pre-2.6.36.2) where sk_run_filter in net/core/filter.c may execute BPF_S_LD_MEM or BPF_S_LDX_MEM before a memory location is initialized. This can allow local users to read potentially sensitive kernel stack memory via a crafted socket filter. The...

CVE-2010-3881

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device...

kernel: drivers/video/via/ioctl.c: reading uninitialized stack memory

The viafbioctlgetviafbinfo function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFBGETINFO ioctl call...

kernel: drivers/usb/serial/mos*.c: reading uninitialized stack memory

The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the 1 mos7720ioctl function in...

CVE-2010-4083

The copysemidtouser function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a 1 IPCINFO, 2 SEMINFO, 3 IPCSTAT, or 4 SEMSTAT command in a semctl system call...

Design/Logic Flaw

The copysemidtouser function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a 1 IPCINFO, 2 SEMINFO, 3 IPCSTAT, or 4 SEMSTAT command in a semctl system call...

CVE-2010-4081

The sndhdspmhwdepioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRVHDSPMIOCTLGETCONFIGINFO ioctl call...

CVE-2010-3858

The setupargpages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIGSTACKGROWSDOWN is used, does not properly restrict the stack memory consumption of the 1 arguments and 2 environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of...

CVE-2010-4083

The copysemidtouser function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a 1 IPCINFO, 2 SEMINFO, 3 IPCSTAT, or 4 SEMSTAT command in a semctl system call...

php: fnmatch long pattern stack memory exhaustion (MOPS-2010-021)

Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service PHP crash via a crafted first argument to the fnmatch function, as demonstrated using a long string...

CVE-2010-4073

The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the 1 compatsyssemctl, 2 compatsysmsgctl, and 3 compatsysshmctl functions in...

Session fixation

The uartgetcount function in drivers/serial/serialcore.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...

CVE-2010-4077

CVE-2010-4077 affects the Linux kernel up to 2.6.36.1: the function ntty_ioctl_tiocgicount in drivers/char/nozomi.c fails to initialize a structure member, allowing local attackers to read potentially sensitive information from kernel stack memory via the TIOCGICOUNT ioctl. The connected advisori...

CVE-2010-4076

The rsioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...

CVE-2010-4078

CVE-2010-4078 affects the Linux kernel before 2.6.36-rc6, where the sisfb_ioctl function in drivers/video/sis/sis_main.c fails to properly initialize a structure member. This allows local users to leak potentially sensitive information from kernel stack memory via the FBIOGET_VBLANK ioctl. Connec...

CVE-2010-4079

The ivtvfbioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGETVBLANK ioctl call...