CVE-2010-4565

Linux Kernel < 2.6.36 - Exposure of Sensitive Information via CAN Broadcast Manager Filename

Title source: llm
STIX 2.1

Description

The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename.

References (11)

Core 11
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2010/12/20/2
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.spinics.net/lists/netdev/msg145796.html
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.spinics.net/lists/netdev/msg146270.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2010/12/21/1
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2010/11/04/4
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=664544
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.spinics.net/lists/netdev/msg146468.html
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.spinics.net/lists/netdev/msg145791.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44661
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2010/11/03/3

Scores

EPSS 0.0049
EPSS Percentile 38.8%

Details

CWE
CWE-200
Status published
Products (1)
linux/linux_kernel < 2.6.36
Published Dec 29, 2010
Tracked Since Feb 18, 2026