CVE-2010-4073

Priority
Description
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize
certain structures, which allows local users to obtain potentially
sensitive information from kernel stack memory via vectors related to the
(1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl
functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5)
compat_sys_mq_getsetattr functions in ipc/compat_mq.c.
Ubuntu-Description
Dan Rosenberg discovered that IPC structures were not correctly initialized
on 64bit systems. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy.
Notes
 jdstrand> dapper_linux-source-2.6.15 was marked as pending, but it was not
  included in 2.6.15-57.94. Marking as needed.
Assigned-to
sconklin
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
More Information

Updated: 2019-01-14 21:54:46 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)