{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-11-29T15:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20100925 CVE request: multiple kernel stack memory disclosures", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/09/25/2"}, {"tags": ["x_refsource_MISC"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d281da7ff6f70efca0553c288bb883e8605b3862"}, {"name": "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/10/06/6"}, {"name": "[linux-kernel] 20100915 [PATCH] drivers/char/amiserial.c: prevent reading uninitialized stack memory", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lkml.org/lkml/2010/9/15/389"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648661"}, {"name": "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/10/07/1"}, {"name": "[oss-security] 20101025 Re: CVE request: multiple kernel stack memory disclosures", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/10/25/3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4076", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20100925 CVE request: multiple kernel stack memory disclosures", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/09/25/2"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d281da7ff6f70efca0553c288bb883e8605b3862", "refsource": "MISC", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d281da7ff6f70efca0553c288bb883e8605b3862"}, {"name": "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/10/06/6"}, {"name": "[linux-kernel] 20100915 [PATCH] drivers/char/amiserial.c: prevent reading uninitialized stack memory", "refsource": "MLIST", "url": "http://lkml.org/lkml/2010/9/15/389"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=648661", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648661"}, {"name": "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/10/07/1"}, {"name": "[oss-security] 20101025 Re: CVE request: multiple kernel stack memory disclosures", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/10/25/3"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:34:37.234Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20100925 CVE request: multiple kernel stack memory disclosures", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/09/25/2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d281da7ff6f70efca0553c288bb883e8605b3862"}, {"name": "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/10/06/6"}, {"name": "[linux-kernel] 20100915 [PATCH] drivers/char/amiserial.c: prevent reading uninitialized stack memory", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lkml.org/lkml/2010/9/15/389"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648661"}, {"name": "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/10/07/1"}, {"name": "[oss-security] 20101025 Re: CVE request: multiple kernel stack memory disclosures", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/10/25/3"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4076", "datePublished": "2010-11-29T15:00:00Z", "dateReserved": "2010-10-25T00:00:00Z", "dateUpdated": "2024-09-16T23:30:51.120Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2610841E-CC0B-4B29-A89F-3F51AECDEEA0", "versionEndIncluding": "2.6.36.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call."}, {"lang": "es", "value": "La funci\u00f3n rs_ioctl de drivers/char/amiserial.c del kernel de Linux en versiones 2.6.36.1 y anteriores no inicializa apropiadamente un miembro de una determinada estructura, lo que permite a usuarios locales obtener informaci\u00f3n potencialmente confidencial de la memoria de la pila del kernel a trav\u00e9s de una llamada ioctl TIOCGICOUNT."}], "id": "CVE-2010-4076", "lastModified": "2023-11-07T02:06:05.820", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-11-29T16:00:03.273", "references": [{"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d281da7ff6f70efca0553c288bb883e8605b3862"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://lkml.org/lkml/2010/9/15/389"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/09/25/2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/10/06/6"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/10/07/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/10/25/3"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648661"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Dan Rosenberg for reporting this issue.", "bugzilla": {"description": "kernel: drivers/char/amiserial.c: reading uninitialized stack memory", "id": "648661", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648661"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "status": "draft"}, "details": ["The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call."], "name": "CVE-2010-4076", "public_date": "2010-09-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-4076\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-4076"], "statement": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG as they did not include support for Amiga built-in serial port.", "threat_severity": "Low"}