Lucene search

RedhatCVE-2010-2942

HistorySep 21, 2010 - 6:00 p.m.

CVE-2010-2942

2010-09-2118:00:02

CWE-401

redhat

web.nvd.nist.gov

cve

2010

2942

linux kernel

information security

network

queueing functionality

sensitive information

memory

vulnerability

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

20.3%

JSON

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

Affected configurations

Nvd

Node

linuxlinux_kernelRange≤2.6.35.13

linuxlinux_kernelMatch2.6.36-

linuxlinux_kernelMatch2.6.36rc1

Node

canonicalubuntu_linuxMatch6.06

canonicalubuntu_linuxMatch8.04

canonicalubuntu_linuxMatch9.04

canonicalubuntu_linuxMatch9.10

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch10.10

Node

opensuseopensuseMatch11.1

opensuseopensuseMatch11.3

susesuse_linux_enterprise_desktopMatch10sp3

susesuse_linux_enterprise_desktopMatch11-

susesuse_linux_enterprise_desktopMatch11sp1

susesuse_linux_enterprise_serverMatch10sp3

susesuse_linux_enterprise_serverMatch11-

susesuse_linux_enterprise_serverMatch11sp1

Node

avayaaura_communication_managerMatch5.2

avayaaura_presence_servicesMatch6.0

avayaaura_presence_servicesMatch6.1

avayaaura_presence_servicesMatch6.1.1

avayaaura_session_managerMatch1.1

avayaaura_session_managerMatch5.2

avayaaura_session_managerMatch6.0

avayaaura_system_managerMatch5.2

avayaaura_system_managerMatch6.0

avayaaura_system_managerMatch6.1

avayaaura_system_managerMatch6.1.1

avayaaura_system_platformMatch1.1

avayaaura_system_platformMatch6.0-

avayaaura_system_platformMatch6.0sp1

avayaiqMatch5.0

avayaiqMatch5.1

avayavoice_portalMatch5.0

avayavoice_portalMatch5.1-

avayavoice_portalMatch5.1sp1

Node

vmwareesxMatch4.0

vmwareesxMatch4.1

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel2.6.36cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*
linuxlinux_kernel2.6.36cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*
canonicalubuntu_linux6.06cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
canonicalubuntu_linux8.04cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
canonicalubuntu_linux9.04cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
canonicalubuntu_linux9.10cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
canonicalubuntu_linux10.10cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
opensuseopensuse11.1cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	2.6.36	cpe:2.3:o:linux:linux_kernel:2.6.36:-::::::
linux	linux_kernel	2.6.36	cpe:2.3:o:linux:linux_kernel:2.6.36:rc1::::::
canonical	ubuntu_linux	6.06	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
canonical	ubuntu_linux	8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04:::::::*
canonical	ubuntu_linux	9.04	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
canonical	ubuntu_linux	9.10	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
canonical	ubuntu_linux	10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
canonical	ubuntu_linux	10.10	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
opensuse	opensuse	11.1	cpe:2.3:o:opensuse:opensuse:11.1:::::::*