CVE - CVE-2010-3078

CVE-ID
CVE-2010-3078	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1024418 URL:http://securitytracker.com/id?1024418 MISC:20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console URL:http://www.securityfocus.com/archive/1/520102/100/0/threaded MISC:41284 URL:http://secunia.com/advisories/41284 MISC:41512 URL:http://secunia.com/advisories/41512 MISC:42890 URL:http://secunia.com/advisories/42890 MISC:43022 URL:http://www.securityfocus.com/bid/43022 MISC:46397 URL:http://secunia.com/advisories/46397 MISC:ADV-2010-2430 URL:~~http://www.vupen.com/english/advisories/2010/2430~~ (Obsolete source) MISC:ADV-2011-0298 URL:~~http://www.vupen.com/english/advisories/2011/0298~~ (Obsolete source) MISC:RHSA-2010:0839 URL:http://www.redhat.com/support/errata/RHSA-2010-0839.html MISC:RHSA-2011:0007 URL:http://www.redhat.com/support/errata/RHSA-2011-0007.html MISC:SUSE-SA:2010:041 URL:http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html MISC:SUSE-SA:2010:050 URL:http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html MISC:SUSE-SA:2010:054 URL:http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html MISC:SUSE-SA:2011:007 URL:http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html MISC:USN-1000-1 URL:http://www.ubuntu.com/usn/USN-1000-1 MISC:[oss-security] 20100907 CVE request: kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak URL:http://www.openwall.com/lists/oss-security/2010/09/07/1 MISC:[oss-security] 20100907 Re: CVE request: kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak URL:http://www.openwall.com/lists/oss-security/2010/09/07/12 MISC:[xfs-masters] 20100906 [PATCH] xfs: prevent reading uninitialized stack memory URL:http://www.linux.sgi.com/archives/xfs-masters/2010-09/msg00002.html MISC:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9 URL:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9 MISC:http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc4 URL:http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc4 MISC:http://www.vmware.com/security/advisories/VMSA-2011-0012.html URL:http://www.vmware.com/security/advisories/VMSA-2011-0012.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=630804 URL:https://bugzilla.redhat.com/show_bug.cgi?id=630804
Assigning CNA
Red Hat, Inc.
Date Record Created
20100820	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100820)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)