CVE-2010-3881 (retired)

Priority
Description
arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize
certain structure members, which allows local users to obtain potentially
sensitive information from kernel stack memory via read operations on the
/dev/kvm device.
Ubuntu-Description
Vasiliy Kulikov discovered that kvm did not correctly clear memory. A local
attacker could exploit this to read portions of the kernel stack, leading
to a loss of privacy.
Notes
 smb> Releases before Lucid do not contain the IOCTL functions affected.
 smb> For ti-omap, mvl-dove and ec2 the change of KVM should not matter at all.
Assigned-to
smb
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.37~rc2)
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:needs-triage
Package
Upstream:released (2.6.36.2)
Package
Upstream:needs-triage
Package
Upstream:not-affected
Package
Upstream:not-affected
Package
Upstream:needs-triage
More Information

Updated: 2019-03-26 11:53:43 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)