CVE-2010-4655 (retired)

Priority
Description
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize
certain data structures, which allows local users to obtain potentially
sensitive information from kernel heap memory by leveraging the
CAP_NET_ADMIN capability for an ethtool ioctl call.
Ubuntu-Description
Kees Cook discovered that some ethtool functions did not correctly clear
heap memory. A local attacker with CAP_NET_ADMIN privileges could exploit
this to read portions of kernel heap memory, leading to a loss of privacy.
Package
Upstream: released (2.6.38~rc3)
More Information

Updated: 2019-03-26 11:54:25 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)