Ubuntu.comUB:CVE-2010-2942CVE-2010-2942
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
20.3%
The actions implementation in the network queueing functionality in the
Linux kernel before 2.6.36-rc2 does not properly initialize certain
structure members when performing dump operations, which allows local users
to obtain potentially sensitive information from kernel memory via vectors
related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the
tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump
function in net/sched/act_nat.c, (4) the tcf_simp_dump function in
net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in
net/sched/act_skbedit.c.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 8.04 | noarch | linux | <Â 2.6.24-28.80 | UNKNOWN |
| ubuntu | 9.04 | noarch | linux | <Â 2.6.28-19.66 | UNKNOWN |
| ubuntu | 9.10 | noarch | linux | <Â 2.6.31-22.67 | UNKNOWN |
| ubuntu | 10.04 | noarch | linux | <Â 2.6.32-25.45 | UNKNOWN |
| ubuntu | 9.10 | noarch | linux-ec2 | <Â 2.6.31-307.21 | UNKNOWN |
| ubuntu | 10.04 | noarch | linux-ec2 | <Â 2.6.32-309.18 | UNKNOWN |
| ubuntu | 9.10 | noarch | linux-fsl-imx51 | <Â 2.6.31-112.30 | UNKNOWN |
| ubuntu | 10.04 | noarch | linux-fsl-imx51 | <Â 2.6.31-608.22 | UNKNOWN |
| ubuntu | 10.04 | noarch | linux-lts-backport-maverick | <Â 2.6.35-25.44~lucid1 | UNKNOWN |
| ubuntu | 10.04 | noarch | linux-mvl-dove | <Â 2.6.32-216.33 | UNKNOWN |
References
launchpad.net/bugs/cve/CVE-2010-2942
nvd.nist.gov/vuln/detail/CVE-2010-2942
security-tracker.debian.org/tracker/CVE-2010-2942
ubuntu.com/security/notices/USN-1000-1
ubuntu.com/security/notices/USN-1074-1
ubuntu.com/security/notices/USN-1074-2
ubuntu.com/security/notices/USN-1083-1
ubuntu.com/security/notices/USN-1093-1
www.cve.org/CVERecord?id=CVE-2010-2942
Related
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
20.3%