Release date:
Updated on:
Affected Systems:
Linux kernel 2.6.0-2.6.37
Description:
--------------------------------------------------------------------------------
Bugtraq id: 45063
Cve id: CVE-2010-4081
Linux Kernel is the Kernel used by open source Linux.
Linux Kernel has a vulnerability in implementation. Local attackers can exploit this vulnerability to obtain sensitive information, which may facilitate other attacks.
Hdspm. c and hdsp. in c, SNDRV_HDSP_IOCTL_GET_CONFIG_INFO and SNDRV_HDSP_IOCTL_GET_CONFIG_INFO allow unauthorized users to read uninitialized Kernel stack memory because several fields of hdsp {m} _ config_info published on the stack are not changed or cleared before being copied to the user.
<**>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.kernel.org/