Linux » Linux Kernel : Security Vulnerabilities, CVEs, Published In December 2010 (Information Leak)
The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename.
Max CVSS
2.1
EPSS Score
0.04%
Published
2010-12-29
Updated
2020-08-10
The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.
Max CVSS
2.1
EPSS Score
0.04%
Published
2010-12-30
Updated
2023-02-13
arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.
Max CVSS
2.1
EPSS Score
0.04%
Published
2010-12-23
Updated
2023-02-13
The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478.
Max CVSS
2.1
EPSS Score
0.04%
Published
2010-12-10
Updated
2023-02-13
4 vulnerabilities found