QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2010-2942

Back to search

CVE-2010-2942

Published: Sep 21, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

VendorProductVersions

n/a

n/a

affected
n/a

References

RHSA-2010:0723
vendor-advisory
x_refsource_REDHAT
USN-1000-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SA:2010:041
vendor-advisory
x_refsource_SUSE
RHSA-2010:0771
vendor-advisory
x_refsource_REDHAT
46397
third-party-advisory
x_refsource_SECUNIA
SUSE-SA:2010:040
vendor-advisory
x_refsource_SUSE
ADV-2010-2430
vdb-entry
x_refsource_VUPEN
SUSE-SA:2011:007
vendor-advisory
x_refsource_SUSE
SUSE-SA:2010:060
vendor-advisory
x_refsource_SUSE
ADV-2011-0298
vdb-entry
x_refsource_VUPEN
42529
vdb-entry
x_refsource_BID
SUSE-SA:2010:054
vendor-advisory
x_refsource_SUSE
41512
third-party-advisory
x_refsource_SECUNIA
RHSA-2010:0779
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now