Release date:
Updated on: 2010-09-17
Affected Systems:
Linux kernel 2.6.x
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2010-3295
Linux Kernel is the Kernel used by open source Linux.
Drivers/net/tulip/de4x5. the de4x5_ioctl () function in the c driver incorrectly copies the addr member rather than the expected lval member to the user space. Local users can use the DE4X5_GET_REG request to read 32 bytes of uninitialized stack memory.
<* Source: Dan Rosenberg
Link: http://secunia.com/advisories/41440/
Https://bugzilla.redhat.com/show_bug.cgi? Format = multiple & amp; id = 633158
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://lkml.org/lkml/2010/9/11/169