CVE-2010-4076

Priority
Description
The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel
2.6.36.1 and earlier does not properly initialize a certain structure
member, which allows local users to obtain potentially sensitive
information from kernel stack memory via a TIOCGICOUNT ioctl call.
Ubuntu-Description
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
Notes
jdstranddapper_linux-source-2.6.15 was marked as pending but was not applied
in 2.6.15-57.94. Marked down to 'needed'
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
More Information

Updated: 2020-03-18 22:04:34 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)