Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-3881
HistoryDec 23, 2010 - 12:00 a.m.

CVE-2010-3881

2010-12-2300:00:00
ubuntu.com
ubuntu.com
20

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS

0

Percentile

10.1%

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize
certain structure members, which allows local users to obtain potentially
sensitive information from kernel stack memory via read operations on the
/dev/kvm device.

Notes

Author Note
smb Releases before Lucid do not contain the IOCTL functions affected. For ti-omap, mvl-dove and ec2 the change of KVM should not matter at all.
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchlinux< 2.6.32-28.52UNKNOWN
ubuntu10.10noarchlinux< 2.6.35-25.43UNKNOWN
ubuntu10.04noarchlinux-ec2< contained in 2.6.32-313.25 in proposedUNKNOWN
ubuntu10.04noarchlinux-lts-backport-maverick< lts-2.6.35-25.44 in proposedUNKNOWN
ubuntu10.04noarchlinux-mvl-dove< 2.6.32-211.27UNKNOWN
ubuntu10.10noarchlinux-mvl-dove< 2.6.32-414.30UNKNOWN
ubuntu10.10noarchlinux-ti-omap4< 2.6.35-903.16UNKNOWN

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS

0

Percentile

10.1%