CVE-2010-4074
Linux Kernel < 2.6.36 - Information Disclosure via Uninitialized USB Structure Members
Title source: llmDescription
The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c.
References (13)
Core 13
Core References
Patch x_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a0846f1868b11cd827bdfeaf4527d8b1b1c0b098
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/25/2
Broken Link x_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc5
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/10/06/6
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=648659
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0007.html
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://lkml.org/lkml/2010/9/15/392
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0958.html
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/10/07/1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45074
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42890
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/10/25/3
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2010/dsa-2126
Scores
EPSS
0.0038
EPSS Percentile
30.1%
Details
CWE
CWE-200
Status
published
Products (3)
debian/debian_linux
5.0
linux/linux_kernel
2.6.36 (5 CPE variants)
linux/linux_kernel
< 2.6.36
Published
Nov 29, 2010
Tracked Since
Feb 18, 2026