What is CVE-2010-3078?

CVE-2010-3078 is a medium-severity vulnerability in Linux Linux_kernel, classified under Information Disclosure. CVSS score: 5.5/10. Published 2010-09-21.

How severe is CVE-2010-3078?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Information disclosure in Linux Linux_kernel

CVE-2010-3078

The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack me…

Vulnerability class: Information Disclosure

EPSS: 0.001 (24.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Linux Linux_kernel — versions 2.6.36
Vmware Esx — versions 4.0, 4.1
Canonical Ubuntu_linux — versions 10.10, 6.06, 10.04
Opensuse — versions 11.3, 11.1
Suse Suse_linux_enterprise_desktop — versions 11
Suse Suse_linux_enterprise_server — versions 11
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

[oss-security] 20100907 CVE request: kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
USN-1000-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
SUSE-SA:2010:041 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
[xfs-masters] 20100906 [PATCH] xfs: prevent reading uninitialized stack memory (mailing-list, x_refsource_MLIST, Broken Link)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (mailing-list, x_refsource_BUGTRAQ, Third Party Advisory, VDB Entry)
secalert@redhat.com (x_refsource_CONFIRM)
46397 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
RHSA-2011:0007 (x_refsource_REDHAT, vendor-advisory, Broken Link)
ADV-2010-2430 (vdb-entry, x_refsource_VUPEN, Broken Link)
SUSE-SA:2011:007 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2010-3078?: CVE-2010-3078 is a medium-severity vulnerability in Linux Linux_kernel, classified under Information Disclosure. CVSS score: 5.5/10. Published 2010-09-21.
How severe is CVE-2010-3078?: Medium severity. CVSS v3 base score is 5.5 out of 10.