Description
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.
References (23)
Core 23
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=624903
Broken Link vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0723.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1000-1
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html
Broken Link vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0771.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520102/100/0/threaded
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46397
Patch x_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8
Broken Link x_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2430
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0298
Mailing List, Patch, Third Party Advisory x_refsource_confirm
http://patchwork.ozlabs.org/patch/61857/
Third Party Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
Third Party Advisory x_refsource_confirm
http://support.avaya.com/css/P8/documents/100113326
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/08/18/1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/42529
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/08/19/4
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41512
Broken Link vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0779.html
Scores
CVSS v3
5.5
EPSS
0.0006
EPSS Percentile
19.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-401
Status
published
Products (33)
avaya/aura_communication_manager
5.2
avaya/aura_presence_services
6.0
avaya/aura_presence_services
6.1
avaya/aura_presence_services
6.1.1
avaya/aura_session_manager
1.1
avaya/aura_session_manager
5.2
avaya/aura_session_manager
6.0
avaya/aura_system_manager
5.2
avaya/aura_system_manager
6.0
avaya/aura_system_manager
6.1
... and 23 more
Published
Sep 21, 2010
Tracked Since
Feb 18, 2026