Vulnerability in Linux Linux_kernel
CVE-2010-4083
The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) S…
EPSS: 0.001 (25.0th percentile) — read the EPSS interpretation.
Affected products
- Linux Linux_kernel
- Debian Debian_linux — versions 5.0
- Opensuse — versions 11.3
- Suse Linux_enterprise_desktop — versions 10, 11
- Suse Linux_enterprise_real_time_extension — versions 11
- Suse Linux_enterprise_server — versions 10, 11, 9
- Suse Linux_enterprise_software_development_kit — versions 10
- N/a — versions n/a
Weakness classification (CWE)
References
- 43809 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- [oss-security] 20100925 CVE request: multiple kernel stack memory disclosures (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
- 42789 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- ADV-2011-0024 (Third Party Advisory, vdb-entry, x_refsource_VUPEN)
- SUSE-SA:2011:004 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- 42778 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- RHSA-2011:0004 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- [mm-commits] 20100923 + sys_semctl-fix-kernel-stack-leakage.patch added to -mm tree (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
- cve@mitre.org (x_refsource_CONFIRM)
- 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (mailing-list, x_refsource_BUGTRAQ, Third Party Advisory, VDB Entry)