4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.3%
Various Linux USB drivers contain an information disclosure vulnerability that may expose sensitive segments of kernel memory to users.
USB drivers for several versions the Linux kernel do not properly initialize kernel memory before using it. When an affected USB driver copies uninitialized memory from kernel space to user space (with the copy_to_user function), the previous kernel memory contents will be copied as well. In some cases, this will grant a user inappropriate access to sensitive segments of kernel memory.
Users may be able to view sensitive segments of kernel memory.
Check with Vendor
Users who suspect they are vulnerable are encouraged to check with their vendor to determine the appropriate action to take.
Upgrade to Unaffected Build of the Linux Kernel
Users are encouraged to upgrade to an unaffected build of the Linux kernel.
981134
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: August 30, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Notified: October 22, 2004 Updated: October 25, 2004
Affected
According to SusE “We will release updates for those bugs together with one of our next kernel security updates”.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Notified: October 22, 2004 Updated: October 22, 2004
Not Affected
Ingrian Networks products are not vulnerable to this issue as they do not contain USB drivers.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Updated: October 22, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Notified: October 22, 2004 Updated: October 22, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Updated: October 22, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Notified: October 22, 2004 Updated: October 22, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Notified: October 22, 2004 Updated: October 22, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Notified: October 22, 2004 Updated: October 22, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Updated: October 22, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Updated: October 22, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Notified: October 22, 2004 Updated: October 22, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Updated: October 22, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Notified: October 22, 2004 Updated: October 25, 2004
Unknown
The default Linux kernel image on Openwall GNU/*/Linux (Owl) 1.1 CDs is not affected by this issue since USB support is not compiled in. Custom kernel builds, however, could be affected, depending on options used. This has been corrected in Owl-current and Owl 1.1-stable on August 15, 2004 with the update to Linux 2.4.27-ow1. More importantly, his update also corrects a number of other Linux kernels vulnerabilities which have similar prerequisites and impact (e.g., CVE CAN-2004-0415).
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Notified: October 22, 2004 Updated: October 22, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Updated: October 22, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Notified: October 22, 2004 Updated: October 22, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Notified: October 22, 2004 Updated: October 22, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
Notified: October 22, 2004 Updated: October 22, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23981134 Feedback>).
View all 19 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported by Tim Yamin.
This document was written by Jeff Gennari.
CVE IDs: | CVE-2004-0685 |
---|---|
Severity Metric: | 0.48 Date Public: |