CVE-2010-3875

Linux Kernel < 2.6.37 - Information Exposure via Uninitialized ax25_getname Structure

Title source: llm
STIX 2.1

Description

The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.

References (10)

Core 10
Core References
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2010/11/04/5
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2010/11/02/7
Patch, Third Party Advisory mailing-list x_refsource_mlist
http://marc.info/?l=linux-netdev&m=128854507120898&w=2
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=649713
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44630
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-2126

Scores

EPSS 0.0039
EPSS Percentile 31.2%

Details

CWE
CWE-200
Status published
Products (3)
debian/debian_linux 5.0
linux/linux_kernel 2.6.37 (2 CPE variants)
linux/linux_kernel < 2.6.37
Published Jan 03, 2011
Tracked Since Feb 18, 2026