CVE-2010-4075

Priority
Description
The uart_get_count function in drivers/serial/serial_core.c in the Linux
kernel before 2.6.37-rc1 does not properly initialize a certain structure
member, which allows local users to obtain potentially sensitive
information from kernel stack memory via a TIOCGICOUNT ioctl call.
Ubuntu-Description
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
Notes
 jdstrand> applied on dapper_linux-source-2.6.15 2.6.15-57.94, but not in
  changelog
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
More Information

Updated: 2019-01-14 21:54:46 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)