CVE-2010-4074

The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a0846f1868b11cd827bdfeaf4527d8b1b1c0b098
http://lkml.org/lkml/2010/9/15/392	Mailing List Patch Third Party Advisory
http://secunia.com/advisories/42890	Third Party Advisory
http://www.debian.org/security/2010/dsa-2126	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc5	Broken Link
http://www.openwall.com/lists/oss-security/2010/09/25/2	Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/10/06/6	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/10/07/1	Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/10/25/3	Mailing List Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0958.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0007.html	Third Party Advisory
http://www.securityfocus.com/bid/45074	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=648659	Issue Tracking Patch Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a0846f1868b11cd827bdfeaf4527d8b1b1c0b098
http://lkml.org/lkml/2010/9/15/392	Mailing List Patch Third Party Advisory
http://secunia.com/advisories/42890	Third Party Advisory
http://www.debian.org/security/2010/dsa-2126	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc5	Broken Link
http://www.openwall.com/lists/oss-security/2010/09/25/2	Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/10/06/6	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/10/07/1	Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/10/25/3	Mailing List Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0958.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0007.html	Third Party Advisory
http://www.securityfocus.com/bid/45074	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=648659	Issue Tracking Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.6.36:-::::::
	cpe:2.3:o:linux:linux_kernel:2.6.36:rc1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.36:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.36:rc3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.36:rc4::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:20

Type	Values Removed	Values Added
References	~~() http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a0846f1868b11cd827bdfeaf4527d8b1b1c0b098 -~~	() http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a0846f1868b11cd827bdfeaf4527d8b1b1c0b098 -
References	~~() http://lkml.org/lkml/2010/9/15/392 - Mailing List, Patch, Third Party Advisory~~	() http://lkml.org/lkml/2010/9/15/392 - Mailing List, Patch, Third Party Advisory
References	~~() http://secunia.com/advisories/42890 - Third Party Advisory~~	() http://secunia.com/advisories/42890 - Third Party Advisory
References	~~() http://www.debian.org/security/2010/dsa-2126 - Third Party Advisory~~	() http://www.debian.org/security/2010/dsa-2126 - Third Party Advisory
References	~~() http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc5 - Broken Link~~	() http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc5 - Broken Link
References	~~() http://www.openwall.com/lists/oss-security/2010/09/25/2 - Mailing List, Patch, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2010/09/25/2 - Mailing List, Patch, Third Party Advisory
References	~~() http://www.openwall.com/lists/oss-security/2010/10/06/6 - Mailing List, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2010/10/06/6 - Mailing List, Third Party Advisory
References	~~() http://www.openwall.com/lists/oss-security/2010/10/07/1 - Mailing List, Patch, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2010/10/07/1 - Mailing List, Patch, Third Party Advisory
References	~~() http://www.openwall.com/lists/oss-security/2010/10/25/3 - Mailing List, Patch, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2010/10/25/3 - Mailing List, Patch, Third Party Advisory
References	~~() http://www.redhat.com/support/errata/RHSA-2010-0958.html - Third Party Advisory~~	() http://www.redhat.com/support/errata/RHSA-2010-0958.html - Third Party Advisory
References	~~() http://www.redhat.com/support/errata/RHSA-2011-0007.html - Third Party Advisory~~	() http://www.redhat.com/support/errata/RHSA-2011-0007.html - Third Party Advisory
References	~~() http://www.securityfocus.com/bid/45074 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/45074 - Third Party Advisory, VDB Entry
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=648659 - Issue Tracking, Patch, Third Party Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=648659 - Issue Tracking, Patch, Third Party Advisory

Information

Published : 2010-11-29 16:00

Updated : 2025-04-11 00:51

NVD link : CVE-2010-4074

Mitre link : CVE-2010-4074

CVE.ORG link : CVE-2010-4074

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2010-4074", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-11-29T16:00:02.900", "references": [{"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a0846f1868b11cd827bdfeaf4527d8b1b1c0b098", "source": "cve@mitre.org"}, {"url": "http://lkml.org/lkml/2010/9/15/392", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/42890", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2010/dsa-2126", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc5", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/25/2", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2010/10/06/6", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2010/10/07/1", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2010/10/25/3", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0958.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/45074", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648659", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a0846f1868b11cd827bdfeaf4527d8b1b1c0b098", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lkml.org/lkml/2010/9/15/392", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/42890", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2010/dsa-2126", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc5", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/25/2", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2010/10/06/6", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2010/10/07/1", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2010/10/25/3", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0958.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/45074", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648659", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c."}, {"lang": "es", "value": "El subsistema USB del kernel de Linux en versiones anteriores a la 2.6.36-rc5 no inicializa apropiadamente miembros de estructuras, lo que permite a usuarios locales obtener informaci\u00f3n potencialmente confidencial de la memoria de la pila del kernel a trav\u00e9s de vectores relacionados con llamadas ioctl TIOCGICOUNT, y la (1) funci\u00f3n mos7720_ioctl de drivers/usb/serial/mos7720.c y (2) mos7840_ioctl de drivers/usb/serial/mos7840.c."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8DCE5E2-B055-4F05-8F0F-F19D1B7BA8D7", "versionEndExcluding": "2.6.36"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4407EF9-4ECF-408F-9ECB-0705E3FB65D5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBE26099-6D2C-4FAF-B15C-CBF985D59171"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2C193FF-3723-4BE9-8787-DED7D455FA8F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F874FE6A-968D-47E1-900A-E154E41EDAF8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14B7B8AE-CE83-4F0E-9138-6F165D97C19F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

1.9 /10