The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call.
The product does not initialize a critical resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | * | 2.6.36 (excluding) |