Tim Yamin

**Name of the Vulnerable Software and Affected Versions** Debian GNU/Linux kernel-image versions 2.4.27-3-386 through 2.6.8-3-686-smp Debian GNU/Linux kernel-headers versions 2.4.27-3-386 through 2.6.8-3-686-smp Debian GNU/Linux kernel-pcmcia-modules versions 2.4.27-3-386 through 2.6.8-3-686-smp Debian GNU/Linux kernel-build versions 2.4.27-3-386 through 2.6.8-3-686-smp Debian GNU/Linux lm-sensors versions 2.4.27-3-386 through 2.4.27-3-686-smp Debian GNU/Linux i2c versions 2.4.27-3-386 through 2.4.27-3-686-smp Debian GNU/Linux hostap-modules versions 2.6.8-3-386 through 2.6.8-3-686-smp Debian GNU/Linux pcmcia-modules versions 2.4.27-3-386 through 2.4.27-3-686-smp SUSE Linux Enterprise k um (affected versions not specified) SUSE Linux Enterprise Intel-v92ham (affected versions not specified) SUSE Linux Enterprise k smp4G (affected versions not specified) **Description** The issue affects multiple packages in the Debian GNU/Linux and SUSE Linux Enterprise operating systems, allowing for remote exploitation of vulnerabilities that can lead to a violation of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely. **Recommendations** For Debian GNU/Linux kernel-image versions 2.4.27-3-386 through 2.6.8-3-686-smp, update to a newer version that contains a fix for this vulnerability. For Debian GNU/Linux kernel-headers versions 2.4.27-3-386 through 2.6.8-3-686-smp, update to a newer version that contains a fix for this vulnerability. For Debian GNU/Linux kernel-pcmcia-modules versions 2.4.27-3-386 through 2.6.8-3-686-smp, update to a newer version that contains a fix for this vulnerability. For Debian GNU/Linux kernel-build versions 2.4.27-3-386 through 2.6.8-3-686-smp, update to a newer version that contains a fix for this vulnerability. For Debian GNU/Linux lm-sensors versions 2.4.27-3-386 through 2.4.27-3-686-smp, update to a newer version that contains a fix for this vulnerability. For Debian GNU/Linux i2c versions 2.4.27-3-386 through 2.4.27-3-686-smp, update to a newer version that contains a fix for this vulnerability. For Debian GNU/Linux hostap-modules versions 2.6.8-3-386 through 2.6.8-3-686-smp, update to a newer version that contains a fix for this vulnerability. For Debian GNU/Linux pcmcia-modules versions 2.4.27-3-386 through 2.4.27-3-686-smp, update to a newer version that contains a fix for this vulnerability. For SUSE Linux Enterprise k um, Intel-v92ham, and k smp4G, contact the vendor for a fix or update, as the affected versions are not specified.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 2.4 Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs Debian GNU/Linux kernel-image-2.4.18-sun4u Debian GNU/Linux kernel-image-2.4.18-sun4u-smp Debian GNU/Linux kernel-image-2.4.19-sun4u Debian GNU/Linux kernel-image-2.4.19-sun4u-smp Debian GNU/Linux kernel-headers-2.4.18-sparc Debian GNU/Linux kernel-headers-2.4.19-sparc Debian GNU/Linux kernel-patch-benh **Description** The issue is related to certain USB drivers in the Linux 2.4 kernel using the copy to user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage. Multiple vulnerabilities in Debian GNU/Linux kernel packages can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. **Recommendations** For Linux kernel version 2.4, update to a newer version to mitigate the risk. For Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs, consider disabling the vulnerable kernel module until a patch is available. For Debian GNU/Linux kernel-image-2.4.18-sun4u, restrict access to the vulnerable kernel module to minimize the risk of exploitation. For Debian GNU/Linux kernel-image-2.4.18-sun4u-smp, avoid using the vulnerable kernel module in production environments until the issue is resolved. For Debian GNU/Linux kernel-image-2.4.19-sun4u, consider applying configuration changes to mitigate the vulnerability. For Debian GNU/Linux kernel-image-2.4.19-sun4u-smp, restrict access to the vulnerable kernel module to minimize the risk of exploitation. For Debian GNU/Linux kernel-headers-2.4.18-sparc, consider disabling the vulnerable kernel module until a patch is available. For Debian GNU/Linux kernel-headers-2.4.19-sparc, avoid using the vulnerable kernel module in production environments until the issue is resolved. For Debian GNU/Linux kernel-patch-benh, consider applying configuration changes to mitigate the vulnerability.