Published: 21/09/2010 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel prior to 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 2.6.36
linux linux kernel
debian debian linux 5.0
canonical ubuntu linux 10.10
canonical ubuntu linux 9.04
canonical ubuntu linux 9.10
canonical ubuntu linux 8.04
canonical ubuntu linux 10.04
canonical ubuntu linux 6.06

Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated kernel packages that fix multiple security issues and several bugsare now available for Red Hat Enterprise Linux 4The Red Hat Security Response Team has rated this update as having moderatesecurity ...

Multiple kernel flaws ...

An attacker could send crafted input to the kernel and cause it to crash ...

Multiple security issues fixed ...

Multiple kernel flaws ...

CWE-399 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc4 http://www.securitytracker.com/id?1024603 http://www.redhat.com/support/errata/RHSA-2010-0779.html http://www.ubuntu.com/usn/USN-1000-1 http://www.debian.org/security/2010/dsa-2126 http://www.redhat.com/support/errata/RHSA-2010-0839.html http://www.redhat.com/support/errata/RHSA-2011-0007.html http://secunia.com/advisories/42890 http://secunia.com/advisories/46397 http://www.vmware.com/security/advisories/VMSA-2011-0012.html http://www.securityfocus.com/archive/1/520102/100/0/threaded http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=0f04cfd098fb81fded74e78ea1a1b86cc6c6c31e https://access.redhat.com/errata/RHSA-2010:0779 https://nvd.nist.gov https://usn.ubuntu.com/1083-1/

CVE-2010-3477

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect