exploitDog

CVE-2010-1083

Published: 17 Feb 2010
Source: redhat
CVSS2: 1.9
EPSS: Low

Description

The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory).

Report

This issue has been rated as having low security impact. A future update in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG may address this flaw. This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about Errata Support Policy, visit: https://access.redhat.com/support/policy/updates/errata/

Additional information

Status:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=566624
kernel: information leak via userspace USB interface

EPSS

Percentile: 21%
0.00067
Low

1.9 Low

CVSS2

Related vulnerabilities

ubuntu
about 15 years ago

The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory).

nvd
about 15 years ago

The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory).

debian
about 15 years ago

The processcompl_compat function in drivers/usb/core/devio.c in Linux ...

github
about 3 years ago

The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory).

oracle-oval
more than 14 years ago

ELSA-2010-0723: kernel security and bug fix update (IMPORTANT)
