CVE-2010-4074

Vulnerability Description

The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
• http://lkml.org/lkml/2010/9/15/392Mailing ListPatchThird Party Advisory
• http://secunia.com/advisories/42890Third Party Advisory
• http://www.debian.org/security/2010/dsa-2126Third Party Advisory
• http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc5Broken Link
• http://www.openwall.com/lists/oss-security/2010/09/25/2Mailing ListPatchThird Party Advisory
• http://www.openwall.com/lists/oss-security/2010/10/06/6Mailing ListThird Party Advisory
• http://www.openwall.com/lists/oss-security/2010/10/07/1Mailing ListPatchThird Party Advisory
• http://www.openwall.com/lists/oss-security/2010/10/25/3Mailing ListPatchThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2010-0958.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2011-0007.htmlThird Party Advisory
• http://www.securityfocus.com/bid/45074Third Party AdvisoryVDB Entry
• https://bugzilla.redhat.com/show_bug.cgi?id=648659Issue TrackingPatchThird Party Advisory
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
• http://lkml.org/lkml/2010/9/15/392Mailing ListPatchThird Party Advisory