CVE-2010-4158 (retired)

Priority
Description
The sk_run_filter function in net/core/filter.c in the Linux kernel before
2.6.36.2 does not check whether a certain memory location has been
initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM
instruction, which allows local users to obtain potentially sensitive
information from kernel stack memory via a crafted socket filter.
Ubuntu-Description
Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy.
Assigned-to
smb
Package
Upstream:ignored
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:ignored
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:ignored
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:ignored
More Information

Updated: 2019-03-26 11:53:54 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)