CVE-2010-4080 — LOW (2.1) — White Hats Nepal

Q: How severe is CVE-2010-4080?

CVE-2010-4080 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-4080?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Real Time Extension, Suse Linux Enterprise Server.

Vulnerability Description

The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call.

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.36
Opensuse	Opensuse	11.2
Suse	Linux Enterprise Desktop	10
Suse	Linux Enterprise Real Time Extension	11
Suse	Linux Enterprise Server	10
Suse	Linux Enterprise Software Development Kit	10
Debian	Debian Linux	5.0

Related Weaknesses (CWE)

CWE-200

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing ListThird Party Advisory
http://lkml.org/lkml/2010/9/25/41PatchThird Party Advisory
http://secunia.com/advisories/42778Third Party Advisory
http://secunia.com/advisories/42801Third Party Advisory
http://secunia.com/advisories/42884Third Party Advisory
http://secunia.com/advisories/42890Third Party Advisory
http://secunia.com/advisories/42963Third Party Advisory
http://secunia.com/advisories/46397Third Party Advisory
http://www.debian.org/security/2010/dsa-2126Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6Broken Link
http://www.openwall.com/lists/oss-security/2010/09/25/2Mailing ListPatchThird Party Advisory

FAQ

What is CVE-2010-4080?

CVE-2010-4080 is a vulnerability with a CVSS score of 2.1 (LOW). The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive in...

How severe is CVE-2010-4080?

CVE-2010-4080 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-4080?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Real Time Extension, Suse Linux Enterprise Server.