Back to search
CVE-2010-4655
Published: Jul 18, 2011
Modified: Aug 7, 2024
PUBLISHED
Description
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
USN-1146-1
vendor-advisory
x_refsource_UBUNTU
45972
vdb-entry
x_refsource_BID
[oss-security] 20110124 CVE request: linux kernel heap issues
mailing-list
x_refsource_MLIST
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
mailing-list
x_refsource_BUGTRAQ
46397
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20110125 Re: CVE request: linux kernel heap issues
mailing-list
x_refsource_MLIST
[oss-security] 20110124 Re: CVE request: linux kernel heap issues
mailing-list
x_refsource_MLIST
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
x_refsource_CONFIRM
[oss-security] 20110125 Re: CVE request: linux kernel heap issues
mailing-list
x_refsource_MLIST
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
x_refsource_CONFIRM
[oss-security] 20110128 Re: CVE request: linux kernel heap issues
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=672428
x_refsource_CONFIRM
[linux-kernel] 20101007 [PATCH] net: clear heap allocations for privileged ethtool actions
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now