Описание
The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.
Отчет
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for Transparent Inter-Process Communication Protocol (TIPC). A future kernel update in Red Hat Enterprise Linux 5 may address this flaw.
Дополнительная информация
Статус:
EPSS
1.9 Low
CVSS2
Связанные уязвимости
The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.
The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.
The get_name function in net/tipc/socket.c in the Linux kernel before ...
The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.
ELSA-2011-0017: Oracle Linux 5.6 kernel security and bug fix update (IMPORTANT)
EPSS
1.9 Low
CVSS2