What is CVE-2010-2942?

CVE-2010-2942 is a medium-severity vulnerability in Avaya Aura_communication_manager, classified under Missing Release of Memory after Effective Lifetime. CVSS score: 5.5/10. Published 2010-09-21.

How severe is CVE-2010-2942?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Vulnerability in Avaya Aura_communication_manager

CVE-2010-2942

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially s…

EPSS: 0.001 (19.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Avaya Aura_communication_manager — versions 5.2
Avaya Aura_presence_services — versions 6.1.1, 6.0, 6.1
Avaya Aura_session_manager — versions 1.1, 6.0, 5.2
Avaya Aura_system_manager — versions 6.1.1, 6.0, 5.2
Avaya Aura_system_platform — versions 1.1, 6.0
Avaya Iq — versions 5.0, 5.1
Avaya Voice_portal — versions 5.0, 5.1
Linux Linux_kernel — versions 2.6.36
Vmware Esx — versions 4.0, 4.1
Canonical Ubuntu_linux — versions 10.10, 6.06, 10.04

Weakness classification (CWE)

CWE-401 — Missing Release of Memory after Effective Lifetime

References

secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
RHSA-2010:0723 (x_refsource_REDHAT, vendor-advisory, Broken Link)
USN-1000-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
SUSE-SA:2010:041 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
RHSA-2010:0771 (x_refsource_REDHAT, vendor-advisory, Broken Link)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (mailing-list, x_refsource_BUGTRAQ, Third Party Advisory, VDB Entry)
46397 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Broken Link)
SUSE-SA:2010:040 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2010-2942?: CVE-2010-2942 is a medium-severity vulnerability in Avaya Aura_communication_manager, classified under Missing Release of Memory after Effective Lifetime. CVSS score: 5.5/10. Published 2010-09-21.
How severe is CVE-2010-2942?: Medium severity. CVSS v3 base score is 5.5 out of 10.