Published: 30/11/2010 Updated: 07/11/2023

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

VMScore: 170

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel prior to 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 2.6.36
linux linux kernel
suse linux enterprise server 10
suse linux enterprise server 9
opensuse opensuse 11.2
opensuse opensuse 11.3
suse linux enterprise desktop 10
suse linux enterprise software development kit 10
suse linux enterprise real time extension 11
debian debian linux 5.0

Multiple kernel flaws ...

Tavis Ormandy discovered that the Linux kernel did not properly implement exception fixup A local attacker could exploit this to crash the kernel, leading to a denial of service (CVE-2010-3086) ...

Multiple kernel flaws ...

Multiple kernel flaws have been fixed ...

An attacker could send crafted input to the kernel and cause it to crash ...

Multiple kernel flaws have been fixed ...

Multiple kernel flaws ...

Multiple security flaws in Linux kernel ...

Ubuntu Security Notice 1202-1 - Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly A local user could exploit this to read kernel stack memory, leading to a loss of privacy Brad Spengler discovered that stack memory for new a process was not correctly calculated A local attacker could exploit this to crash ...

CWE-909 http://lkml.org/lkml/2010/9/25/41 http://www.openwall.com/lists/oss-security/2010/10/25/3 http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6 http://www.openwall.com/lists/oss-security/2010/09/25/2 https://bugzilla.redhat.com/show_bug.cgi?id=648670 http://www.openwall.com/lists/oss-security/2010/10/06/6 http://www.openwall.com/lists/oss-security/2010/10/07/1 http://www.securityfocus.com/bid/45063 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://www.debian.org/security/2010/dsa-2126 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://secunia.com/advisories/42778 http://www.vupen.com/english/advisories/2011/0012 http://secunia.com/advisories/42801 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://www.redhat.com/support/errata/RHSA-2011-0017.html http://secunia.com/advisories/42884 http://www.redhat.com/support/errata/RHSA-2011-0007.html http://secunia.com/advisories/42890 http://www.vupen.com/english/advisories/2011/0298 http://secunia.com/advisories/43291 http://www.vupen.com/english/advisories/2011/0375 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/46397 http://www.vmware.com/security/advisories/VMSA-2011-0012.html http://www.securityfocus.com/archive/1/520102/100/0/threaded http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d https://nvd.nist.gov https://packetstormsecurity.com/files/105078/Ubuntu-Security-Notice-USN-1202-1.html https://usn.ubuntu.com/1072-1/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-4081

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect