CVE-2010-4074
Published Nov 29, 2010
Last updated a year ago
Overview
- Description
- The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 1.9
- Impact score
- 2.9
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C8DCE5E2-B055-4F05-8F0F-F19D1B7BA8D7",
"versionEndExcluding": "2.6.36"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D4407EF9-4ECF-408F-9ECB-0705E3FB65D5"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DBE26099-6D2C-4FAF-B15C-CBF985D59171"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2C193FF-3723-4BE9-8787-DED7D455FA8F"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F874FE6A-968D-47E1-900A-E154E41EDAF8"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "14B7B8AE-CE83-4F0E-9138-6F165D97C19F"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"
}
],
"operator": "OR"
}
]
}
]