CVE-2010-4074

2010-11-2900:00:00

ubuntu.com

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.4%

JSON

The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly
initialize certain structure members, which allows local users to obtain
potentially sensitive information from kernel stack memory via vectors
related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in
drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in
drivers/usb/serial/mos7840.c.

Bugs

<https://bugzilla.redhat.com/show_bug.cgi?id=648659>

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchlinux< 2.6.24-28.86UNKNOWN
ubuntu9.10noarchlinux< 2.6.31-22.73UNKNOWN
ubuntu9.10noarchlinux-ec2< 2.6.31-307.27UNKNOWN
ubuntu9.10noarchlinux-fsl-imx51< 2.6.31-112.30UNKNOWN
ubuntu10.04noarchlinux-fsl-imx51< 2.6.31-608.22UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	linux	< 2.6.24-28.86	UNKNOWN
ubuntu	9.10	noarch	linux	< 2.6.31-22.73	UNKNOWN
ubuntu	9.10	noarch	linux-ec2	< 2.6.31-307.27	UNKNOWN
ubuntu	9.10	noarch	linux-fsl-imx51	< 2.6.31-112.30	UNKNOWN
ubuntu	10.04	noarch	linux-fsl-imx51	< 2.6.31-608.22	UNKNOWN