CVE-2010-4655

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.36

Description The issue allows local users to obtain potentially sensitive information from kernel heap memory. This is possible by leveraging the CAP NET ADMIN capability for an ethtool ioctl call, due to the failure to initialize certain data structures in net/core/ethtool.c.

Recommendations For Linux kernel versions prior to 2.6.36, update to version 2.6.36 or later to resolve the issue.

Fix

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-665

Related Identifiers

CVE-2010-4655

DSA-2264-1

RHSA-2011:0263

RHSA-2011:0303

RHSA-2011:0330

RHSA-2011:0421

RHSA-2011_0263

RHSA-2011_0303

RHSA-2011_0421

Affected Products

Linux Kernel

Red Hat

CVE-2010-4655

Weakness Enumeration

Related Identifiers

Affected Products

References · 64