fkie_cve-2010-3881
Vulnerability from fkie_nvd
Published
2010-12-23 18:00
Modified
2024-11-21 01:19
Severity ?
Summary
arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
suse | suse_linux_enterprise_desktop | 11 | |
suse | suse_linux_enterprise_high_availability_extension | 11 | |
suse | suse_linux_enterprise_server | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "056295BE-D525-4749-887C-CDE2755A6FA6", "versionEndExcluding": "2.6.36.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "10A193CD-12B9-4236-8A2C-E8CEAE592952", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_high_availability_extension:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "6338B25E-3246-45E8-8C4C-6094036104D2", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "F691F4E7-2FF1-4EFB-B21F-E510049A9940", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device." }, { "lang": "es", "value": "arch/x86/kvm/x86.c en el kernel de Linux v2.6.36.2 no inicializa ciertos miembros de estructura, lo que permite a usuarios locales obtener informaci\u00f3n potencialmente sensible del la pila de la pila de memoria del kernel a trav\u00e9s de operaciones de lectura en el dispositivo /dev/kvm device." } ], "id": "CVE-2010-3881", "lastModified": "2024-11-21T01:19:49.067", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-12-23T18:00:02.120", "references": [ { "source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97e69aa62f8b5d338d6cff49be09e37cc1262838" }, { "source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=virt/kvm/kvm.git%3Ba=commit%3Bh=831d9d02f9522e739825a51a11e3bc5aa531a905" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2010/11/04/10" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2010/11/05/4" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2010-0998.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42932" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1024912" }, { "source": "secalert@redhat.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/44666" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.spinics.net/lists/kvm/msg44130.html" }, { "source": "secalert@redhat.com", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2010/3287" }, { "source": "secalert@redhat.com", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0124" }, { "source": "secalert@redhat.com", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0298" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=649920" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97e69aa62f8b5d338d6cff49be09e37cc1262838" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=virt/kvm/kvm.git%3Ba=commit%3Bh=831d9d02f9522e739825a51a11e3bc5aa531a905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2010/11/04/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2010/11/05/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2010-0998.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42932" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1024912" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/44666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.spinics.net/lists/kvm/msg44130.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2010/3287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=649920" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.