CVE-2010-2955

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.36-rc3-next-20100831 cpint-kmp-default (affected versions not specified) cloop-kmp-default (affected versions not specified) drbd-kmp-default (affected versions not specified)

Description The issue allows local users to obtain potentially sensitive information from kernel heap memory due to an off-by-one error in the ioctl standard iw point function. This can be achieved via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size. Multiple vulnerabilities in the cpint-kmp-default, cloop-kmp-default, and drbd-kmp-default packages of the SUSE Linux Enterprise and openSUSE operating systems can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally.

Recommendations For Linux kernel versions prior to 2.6.36-rc3-next-20100831, update to a version after 2.6.36-rc3-next-20100831 to resolve the issue. For cpint-kmp-default, cloop-kmp-default, and drbd-kmp-default, at the moment, there is no information about a newer version that contains a fix for this vulnerability.