Back to search
CVE-2010-1083
Published: Apr 6, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory).
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[linux-kernel] 20100330 [48/89] USB: usbfs: properly clean up the as structure on error paths
mailing-list
x_refsource_MLIST
oval:org.mitre.oval:def:10831
vdb-entry
signature
x_refsource_OVAL
RHSA-2010:0723
vendor-advisory
x_refsource_REDHAT
[linux-kernel] 20100221 [80/93] USB: usbfs: properly clean up the as structure on error paths
mailing-list
x_refsource_MLIST
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
mailing-list
x_refsource_BUGTRAQ
46397
third-party-advisory
x_refsource_SECUNIA
RHSA-2010:0394
vendor-advisory
x_refsource_REDHAT
[oss-security] 20100217 additional memory leak in USB userspace handling
mailing-list
x_refsource_MLIST
http://support.avaya.com/css/P8/documents/100090459
x_refsource_CONFIRM
[oss-security] 20100217 CVE request: kernel information leak via userspace USB interface
mailing-list
x_refsource_MLIST
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
x_refsource_CONFIRM
http://support.avaya.com/css/P8/documents/100113326
x_refsource_CONFIRM
SUSE-SA:2010:019
vendor-advisory
x_refsource_SUSE
SUSE-SA:2010:023
vendor-advisory
x_refsource_SUSE
[oss-security] 20100218 Re: CVE request: kernel information leak via userspace USB interface
mailing-list
x_refsource_MLIST
[oss-security] 20100219 Re: additional memory leak in USB userspace handling
mailing-list
x_refsource_MLIST
39742
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20100219 Re: CVE request: kernel information leak via userspace USB interface
mailing-list
x_refsource_MLIST
DSA-2053
vendor-advisory
x_refsource_DEBIAN
39830
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now