CVE-2010-4074

Linux Kernel < 2.6.36 - Information Disclosure via Uninitialized USB Structure Members

Title source: llm
STIX 2.1

Description

The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c.

References (13)

Core 13
Core References
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/25/2
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/10/06/6
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=648659
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0007.html
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://lkml.org/lkml/2010/9/15/392
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0958.html
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/10/07/1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45074
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42890
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/10/25/3
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-2126

Scores

EPSS 0.0038
EPSS Percentile 30.1%

Details

CWE
CWE-200
Status published
Products (3)
debian/debian_linux 5.0
linux/linux_kernel 2.6.36 (5 CPE variants)
linux/linux_kernel < 2.6.36
Published Nov 29, 2010
Tracked Since Feb 18, 2026