Published: 29/12/2010 Updated: 10/08/2020

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and previous versions creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Multiple kernel vulnerabilities have been fixed ...

Multiple kernel flaws have been fixed ...

Multiple kernel vulnerabilities have been fixed ...

Multiple kernel flaws have been fixed ...

Ubuntu Security Notice 1202-1 - Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly A local user could exploit this to read kernel stack memory, leading to a loss of privacy Brad Spengler discovered that stack memory for new a process was not correctly calculated A local attacker could exploit this to crash ...

CWE-200 http://openwall.com/lists/oss-security/2010/12/20/2 http://www.spinics.net/lists/netdev/msg146468.html http://www.spinics.net/lists/netdev/msg146270.html http://www.spinics.net/lists/netdev/msg145791.html http://openwall.com/lists/oss-security/2010/11/04/4 http://openwall.com/lists/oss-security/2010/11/03/3 http://www.securityfocus.com/bid/44661 http://openwall.com/lists/oss-security/2010/12/21/1 http://www.spinics.net/lists/netdev/msg145796.html https://bugzilla.redhat.com/show_bug.cgi?id=664544 http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 https://nvd.nist.gov https://packetstormsecurity.com/files/105078/Ubuntu-Security-Notice-USN-1202-1.html https://usn.ubuntu.com/1141-1/

CVE-2010-4565

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect