CVE-2010-4083
30.11.2010, 22:14
The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call.Enginsight
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 𝑥 < 2.6.36 |
| opensuse | opensuse | 11.3 |
| debian | debian_linux | 5.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| linux |
| ||||||||||||
| linux-ec2 |
| ||||||||||||
| linux-fsl-imx51 |
| ||||||||||||
| linux-lts-backport-maverick |
| ||||||||||||
| linux-lts-backport-natty |
| ||||||||||||
| linux-mvl-dove |
| ||||||||||||
| linux-source-2.6.15 |
| ||||||||||||
| linux-ti-omap4 |
|
Common Weakness Enumeration
References