CVE-2010-4158

Priority
Description
The sk_run_filter function in net/core/filter.c in the Linux kernel before
2.6.36.2 does not check whether a certain memory location has been
initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM
instruction, which allows local users to obtain potentially sensitive
information from kernel stack memory via a crafted socket filter.
Ubuntu-Description
Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy.
Assigned-to
smb
Package
Upstream:ignored
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:ignored
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:ignored
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:ignored
More Information

Updated: 2019-01-14 21:54:49 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)