PT-2010-1055 · Centos+2
Dan Rosenberg · Published 2010-11-29 · Updated 2020-08-10 · CVE-2010-4075
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 2.6.9
Red Hat Enterprise Linux kernel versions 2.6.9
CentOS kernel versions 2.6.9
Description
The issue affects the Linux kernel and its variants in Red Hat Enterprise Linux and CentOS, allowing for potential disruption of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. A specific function, `uart_get_count`, in the Linux kernel before version 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
Recommendations
For Linux kernel version 2.6.9, update to a version after 2.6.37-rc1 to resolve the issue.
For Red Hat Enterprise Linux kernel version 2.6.9, update to a version after 2.6.37-rc1 to resolve the issue.
For CentOS kernel version 2.6.9, update to a version after 2.6.37-rc1 to resolve the issue.
As a temporary workaround, consider restricting access to the `uart_get_count` function until a patch is available.
Fix
Memory Corruption
Information Disclosure
Resource Exhaustion
Related Identifiers
Affected Products
Centos
Linux Kernel
Red Hat