Back to search
CVE-2010-3477
Published: Sep 21, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1024603
vdb-entry
x_refsource_SECTRACK
USN-1000-1
vendor-advisory
x_refsource_UBUNTU
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
mailing-list
x_refsource_BUGTRAQ
46397
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:0007
vendor-advisory
x_refsource_REDHAT
RHSA-2010:0839
vendor-advisory
x_refsource_REDHAT
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
x_refsource_CONFIRM
42890
third-party-advisory
x_refsource_SECUNIA
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc4
x_refsource_CONFIRM
RHSA-2010:0779
vendor-advisory
x_refsource_REDHAT
DSA-2126
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now