Release date:
Updated on:
Affected Systems:
Linux kernel 2.6.0-2.6.37
Description:
--------------------------------------------------------------------------------
Bugtraq id: 45062
Cve id: CVE-2010-4079
Linux Kernel is the Kernel used by open source Linux.
Linux Kernel has a vulnerability in implementation. Local attackers can exploit this vulnerability to obtain sensitive information, which facilitates the execution of other attacks.
V4L/DVB: ivtvfb: prevents reading from the memory of the previous stack. FBIOGET_VBLANK device ioctl allows unauthorized users to read 16 bytes of the original stack memory, because the "Reserved" members of the fb_vblank structure published on the stack have not been changed or cleared before being copied to the user.
<**>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.kernel.org/