Description
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.
References (23)
Core 23
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/07/1
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1000-1
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html
Broken Link mailing-list
x_refsource_mlist
http://www.linux.sgi.com/archives/xfs-masters/2010-09/msg00002.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520102/100/0/threaded
Patch x_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46397
Broken Link vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0007.html
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2430
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0298
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html
Broken Link vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0839.html
Third Party Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/07/12
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42890
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1024418
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41284
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=630804
Broken Link x_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc4
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/43022
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41512
Scores
CVSS v3
5.5
EPSS
0.0008
EPSS Percentile
24.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (14)
canonical/ubuntu_linux
6.06
canonical/ubuntu_linux
8.04
canonical/ubuntu_linux
9.04
canonical/ubuntu_linux
9.10
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
10.10
linux/linux_kernel
2.6.36 (4 CPE variants)
linux/linux_kernel
< 2.6.35.4
opensuse/opensuse
11.1
opensuse/opensuse
11.3
... and 4 more
Published
Sep 21, 2010
Tracked Since
Feb 18, 2026