CVE-2004-0685

Linux 2.4 - Info Disclosure

Title source: llm

Description

Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.

References (19)

[Issue Tracking] http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921

[Third Party Advisory] http://secunia.com/advisories/20162

[Third Party Advisory] http://www.debian.org/security/2006/dsa-1067

[Third Party Advisory] http://www.debian.org/security/2006/dsa-1069

[Patch, Vendor Advisory] http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/981134

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2004-504.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2004-505.html

[Patch, Vendor Advisory] http://www.securityfocus.com/bid/10892

[Various Sources] http://www.securityspace.com/smysecure/catid.html?id=14580

[Various Sources] http://www.trustix.net/errata/2004/0041/

[Issue Tracking] https://bugzilla.fedora.us/show_bug.cgi?id=2336

[Third Party Advisory] http://www.debian.org/security/2006/dsa-1070

[Third Party Advisory] http://www.debian.org/security/2006/dsa-1082

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16931

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10665

[Third Party Advisory] http://secunia.com/advisories/20163

[Third Party Advisory] http://secunia.com/advisories/20202

[Third Party Advisory] http://secunia.com/advisories/20338

Scores

EPSS 0.0015

EPSS Percentile 35.1%

Classification

Status draft

Affected Products (50)

linux/linux_kernel

... and 35 more

Timeline

Published Dec 23, 2004

Tracked Since Feb 18, 2026