CVE

CVE-2010-1083
Date: (C)2010-04-06   (M)2024-02-22


The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory).

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.7
Exploit Score: 3.4
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE
  
Reference:
http://www.securityfocus.com/archive/1/520102/100/0/threaded
SECUNIA-39742
SECUNIA-39830
SECUNIA-46397
DSA-2053
RHSA-2010:0394
RHSA-2010:0723
SUSE-SA:2010:019
SUSE-SA:2010:023
http://lwn.net/Articles/375350/
http://lkml.org/lkml/2010/3/30/759
http://www.openwall.com/lists/oss-security/2010/02/17/1
http://www.openwall.com/lists/oss-security/2010/02/17/2
http://www.openwall.com/lists/oss-security/2010/02/18/7
http://www.openwall.com/lists/oss-security/2010/02/19/1
http://www.openwall.com/lists/oss-security/2010/02/18/4
http://support.avaya.com/css/P8/documents/100090459
http://support.avaya.com/css/P8/documents/100113326
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
oval:org.mitre.oval:def:10831

CPE    338
cpe:/o:linux:linux_kernel:2.6.20.19
cpe:/o:linux:linux_kernel:2.6.23.1
cpe:/o:linux:linux_kernel:2.6.23.2
cpe:/o:linux:linux_kernel:2.6.23.3
...
CWE    1
CWE-399
OVAL    8
oval:org.secpod.oval:def:500349
oval:org.secpod.oval:def:201808
oval:org.secpod.oval:def:201881
oval:org.secpod.oval:def:201819
...

© SecPod Technologies