CVE-2010-3881

Priority
Description
arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize
certain structure members, which allows local users to obtain potentially
sensitive information from kernel stack memory via read operations on the
/dev/kvm device.
Ubuntu-Description
Vasiliy Kulikov discovered that kvm did not correctly clear memory. A local
attacker could exploit this to read portions of the kernel stack, leading
to a loss of privacy.
Assigned-to
smb
Notes
smbReleases before Lucid do not contain the IOCTL functions affected.
For ti-omap, mvl-dove and ec2 the change of KVM should not matter at all.
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.37~rc2)
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:needs-triage
Package
Upstream:released (2.6.36.2)
Package
Upstream:needs-triage
Package
Upstream:not-affected
Package
Upstream:not-affected
Package
Upstream:needs-triage
More Information

Updated: 2019-12-05 20:55:52 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)