CVE Vulnerabilities

CVE-2010-3297

Missing Initialization of Resource

Published: Sep 30, 2010 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call.

Weakness

The product does not initialize a critical resource.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux 2.6.36 2.6.36
Linux_kernel Linux 2.6.36 2.6.36
Linux_kernel Linux 2.6.36 2.6.36
Linux_kernel Linux 2.6.36 2.6.36
Linux_kernel Linux * *
Linux_kernel Linux 2.6.36 2.6.36

Potential Mitigations

References