CVE Vulnerabilities

CVE-2010-4082

Missing Initialization of Resource

Published: Nov 30, 2010 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
1.9 LOW
AV:L/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call.

Weakness

The product does not initialize a critical resource.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux 2.6.36 2.6.36
Linux_kernel Linux 2.6.36 2.6.36
Linux_kernel Linux 2.6.36 2.6.36
Linux_kernel Linux 2.6.36 2.6.36
Linux_kernel Linux * *
Linux_kernel Linux 2.6.36 2.6.36

Potential Mitigations

References