CVE-2010-4077

Linux Kernel < 2.6.36.1 - Information Disclosure via TIOCGICOUNT ioctl

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4077. PoCs published by prdelka.

AI-analyzed exploit summary This exploit leverages an uninitialized struct member in the Linux kernel's serial_core module to leak kernel stack memory to userland via the TIOCGICOUNT ioctl. It dumps the leaked data to a file and displays it on the command line.

Description

The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.

Exploits (1)

exploitdb WORKING POC

by prdelka · cdoslinux

https://www.exploit-db.com/exploits/16973

View Code ZIP pw:eip

This exploit leverages an uninitialized struct member in the Linux kernel's serial_core module to leak kernel stack memory to userland via the TIOCGICOUNT ioctl. It dumps the leaked data to a file and displays it on the command line.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Linux kernel <= 2.6.37-rc1

No auth needed

Prerequisites: Access to a serial device (e.g., /dev/ttyS0)

MITRE ATT&CK

T1003 - OS Credential Dumping

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12

Core References

Patch x_refsource_misc

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d281da7ff6f70efca0553c288bb883e8605b3862

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2010/09/25/2

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2010/10/06/6

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/45059

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2011-0007.html

Patch, Third Party Advisory mailing-list x_refsource_mlist

http://lkml.indiana.edu/hypermail//linux/kernel/1009.1/03387.html

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2010-0958.html

Exploit, Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/8129

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2010/10/07/1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42890

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2010/10/25/3

Issue Tracking, Patch, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=648663

Scores

EPSS 0.0104

EPSS Percentile 59.4%

Details

CWE

CWE-200

Status published

Products (1)

linux/linux_kernel < 2.6.36.1

Published Nov 29, 2010

Tracked Since Feb 18, 2026