CVE-2010-3881

Priority
Description
arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize
certain structure members, which allows local users to obtain potentially
sensitive information from kernel stack memory via read operations on the
/dev/kvm device.
Ubuntu-Description
Vasiliy Kulikov discovered that kvm did not correctly clear memory. A local
attacker could exploit this to read portions of the kernel stack, leading
to a loss of privacy.
Notes
 smb> Releases before Lucid do not contain the IOCTL functions affected.
 smb> For ti-omap, mvl-dove and ec2 the change of KVM should not matter at all.
Assigned-to
smb
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.37~rc2)
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:needs-triage
Package
Upstream:released (2.6.36.2)
Package
Upstream:needs-triage
Package
Upstream:not-affected
Package
Upstream:not-affected
Package
Upstream:needs-triage
More Information

Updated: 2019-01-14 21:54:39 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)