Release date:
Updated on: 2010-09-17
Affected Systems:
Linux kernel 2.6.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 43226
Cve id: CVE-2010-3298
Linux Kernel is the Kernel used by open source Linux.
Drivers/net/usb/hso. the hso_get_count () function in the c driver does not properly initialize the reserved member in the serial_icounter_struct structure to copy it to the user space. Local Users can read 9 bytes of uninitialized stack memory through the TIOCGICOUNT ioctl request.
<* Source: Dan Rosenberg
Link: http://secunia.com/advisories/41440/
Https://bugzilla.redhat.com/show_bug.cgi? Format = multiple & amp; id = 633140
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://lkml.org/lkml/2010/9/11/167