CVE-2010-4074 (retired)

Priority
Description
The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly
initialize certain structure members, which allows local users to obtain
potentially sensitive information from kernel stack memory via vectors
related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in
drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in
drivers/usb/serial/mos7840.c.
Ubuntu-Description
Dan Rosenberg discovered that the USB subsystem did not correctly
initialize certian structures. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy.
Package
Upstream:released (2.6.36~rc5)
Package
Upstream:released (2.6.36~rc5)
Package
Upstream:released (2.6.36~rc5)
Package
Upstream:released (2.6.36~rc5)
Package
Upstream:released (2.6.36~rc5)
Package
Upstream:released (2.6.36~rc5)
More Information

Updated: 2019-09-19 15:34:00 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)