Vulnerability in Linux Linux_kernel
CVE-2010-3877
The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of th…
EPSS: 0.001 (28.7th percentile)
Affected products
- Linux Linux_kernel — versions 2.6.37
- Debian Debian_linux — versions 5.0
Weakness classification (CWE)
References
- kernel-getname-info-disc(64578) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
- 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (mailing-list, x_refsource_BUGTRAQ, Third Party Advisory, VDB Entry)
- RHSA-2011:0017 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- 46397 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Broken Link)
- [oss-security] 20101104 Re: CVE request: kernel stack infoleaks (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
- [netdev] 20101031 [PATCH 3/3] net: tipc: fix information leak to userland (mailing-list, x_refsource_MLIST, Patch, Third Party Advisory)
- [oss-security] 20101102 CVE request: kernel stack infoleaks (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)