1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
9.4%
The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly
initialize certain structure members, which allows local users to obtain
potentially sensitive information from kernel stack memory via vectors
related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in
drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in
drivers/usb/serial/mos7840.c.
lkml.org/lkml/2010/9/15/392
www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc5
launchpad.net/bugs/cve/CVE-2010-4074
nvd.nist.gov/vuln/detail/CVE-2010-4074
security-tracker.debian.org/tracker/CVE-2010-4074
ubuntu.com/security/notices/USN-1072-1
ubuntu.com/security/notices/USN-1073-1
ubuntu.com/security/notices/USN-1074-1
ubuntu.com/security/notices/USN-1074-2
www.cve.org/CVERecord?id=CVE-2010-4074