5901 matches found
Linux Kernel "FBIOGET_VBLANK" IOCTL本地信息泄露漏洞
BUGTRAQ ID: 45062 CVE ID: CVE-2010-4079 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel在实现上存在漏洞,本地攻击者可利用此漏洞获取敏感信息,从而有利于执行其他攻击。 V4L/DVB: ivtvfb: 防止读取未始化栈内存。FBIOGETVBLANK device ioctl允许未授权用户读取16字节的未始化栈内存,因为在栈上公布的fbvblank结构的“保留”的成员在复制给用户之前没有变更或清零。 Linux kernel 2.6.0 - 2.6.37 厂商补丁: Linux -----...
Linux Kernel "hdsp.c" IOCTL本地信息泄露漏洞
BUGTRAQ ID: 45063 CVE ID: CVE-2010-4081 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel在实现上存在漏洞,本地攻击者可利用此漏洞获取敏感信息,可能有利于执行其他攻击。 hdspm.c和hdsp.c中的SNDRVHDSPIOCTLGETCONFIGINFO和 SNDRVHDSPIOCTLGETCONFIGINFO允许未授权用户读取未初始化内核栈内存,因为栈上公布的 hdspmconfiginfo的几个字段在复制给用户之前未改变或清零。 Linux kernel 2.6.0 - 2.6.37 厂商补丁:...
Design/Logic Flaw
The sndhdsphwdepioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRVHDSPIOCTLGETCONFIGINFO ioctl call...
Design/Logic Flaw
The viafbioctlgetviafbinfo function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFBGETINFO ioctl call...
Information disclosure
The sndhdspmhwdepioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRVHDSPMIOCTLGETCONFIGINFO ioctl call...
CVE-2010-4080
The sndhdsphwdepioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRVHDSPIOCTLGETCONFIGINFO ioctl call...
CVE-2010-4082
The viafbioctlgetviafbinfo function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFBGETINFO ioctl call...
CVE-2010-4082
The viafbioctlgetviafbinfo function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFBGETINFO ioctl call...
CVE-2010-4075
The uartgetcount function in drivers/serial/serialcore.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...
CVE-2010-4074
The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the 1 mos7720ioctl function in...
Session fixation
The ivtvfbioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGETVBLANK ioctl call...
Session fixation
The uartgetcount function in drivers/serial/serialcore.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...
Design/Logic Flaw
The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the 1 mos7720ioctl function in...
Session fixation
The nttyioctltiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...
CVE-2010-4078
The sisfbioctl function in drivers/video/sis/sismain.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGETVBLANK ioctl call...
CVE-2010-4077
CVE-2010-4077 affects the Linux kernel up to 2.6.36.1: the function ntty_ioctl_tiocgicount in drivers/char/nozomi.c fails to initialize a structure member, allowing local attackers to read potentially sensitive information from kernel stack memory via the TIOCGICOUNT ioctl. The connected advisori...
CVE-2010-4074
The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the 1 mos7720ioctl function in...
CVE-2010-4076
The rsioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...
CVE-2010-4075
The uartgetcount function in drivers/serial/serialcore.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...
CVE-2010-4076
CVE-2010-4076 affects Linux kernel 2.6.36.1 and earlier. The rs_ioctl function in drivers/char/amiserial.c does not initialize a structure member, enabling local users to read potentially sensitive information from kernel stack memory via TIOCGICOUNT. A fix is to apply the kernel update that addr...