PT-2010-5678 · Linux+2 · Linux Kernel+3

Published: 1970-01-01 · Updated: 2024-06-15 · CVE-2010-2942

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

SUSE Linux Enterprise kernel-vmipae-debuginfo (affected versions not specified)
SUSE Linux Enterprise kernel-kdumppae-debuginfo (affected versions not specified)
openSUSE drbd-kmp-default (affected versions not specified)
Linux kernel versions prior to 2.6.36-rc2

Description

The issue concerns multiple vulnerabilities in various packages of SUSE Linux Enterprise and openSUSE operating systems, as well as the Linux kernel. These vulnerabilities can be exploited to compromise the confidentiality, integrity, and availability of protected information. Exploitation can be performed remotely in the case of SUSE Linux Enterprise kernel-vmipae-debuginfo and kernel-kdumppae-debuginfo packages, and locally for the openSUSE drbd-kmp-default package. The Linux kernel vulnerability allows local users to obtain potentially sensitive information from kernel memory via certain dump operations related to network queueing functionality, specifically through functions such as tcf_gact_dump, tcf_mirred_dump, tcf_nat_dump, tcf_simp_dump, and tcf_skbedit_dump in various files under net/sched.

Recommendations

For SUSE Linux Enterprise kernel-vmipae-debuginfo, consider restricting access to sensitive information until a patch is available. For SUSE Linux Enterprise kernel-kdumppae-debuginfo, restrict access to sensitive information until a patch is available. For openSUSE drbd-kmp-default, consider disabling local access to sensitive information until a patch is available. For Linux kernel versions prior to 2.6.36-rc2, update to version 2.6.36-rc2 or later to resolve the issue. At the moment, there is no information about a newer version that contains a fix for the SUSE Linux Enterprise and openSUSE vulnerabilities.

Fix

Information Disclosure

Memory Leak

Weakness Enumeration

Related Identifiers

BDU:2015-04589
BDU:2015-04590
BDU:2015-05302
CVE-2010-2942
OPENSUSE-SU-2024:10128-1
RHSA-2010:0723
RHSA-2010:0771
RHSA-2010:0779
RHSA-2010_0723
RHSA-2010_0779

Affected Products

Linux Kernel
Red Hat
Suse Linux Enterprise
Opensuse