Vulnerability CVE-2010-4655: Information

Description

net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2010-4655
Published: July 18, 2011
Modified: Feb. 13, 2023
Error type identifier: CWE-665

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
usbipsisyphus5.10-alt15.10-alt1ALT-PU-2023-1798-1320453Fixed
usbipsisyphus_e2k5.10-alt15.10-alt1ALT-PU-2023-7452-1-Fixed
usbipp105.10-alt15.10-alt1ALT-PU-2023-1903-1320461Fixed
usbipp10_e2k5.10-alt15.10-alt1ALT-PU-2023-7498-1-Fixed
usbipp115.10-alt15.10-alt1ALT-PU-2023-1798-1320453Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
[oss-security] 20110124 CVE request: linux kernel heap issues
  • Mailing List
  • Patch
  • Third Party Advisory
[linux-kernel] 20101007 [PATCH] net: clear heap allocations for privileged ethtool actions
  • Mailing List
  • Patch
  • Third Party Advisory
[oss-security] 20110125 Re: CVE request: linux kernel heap issues
  • Mailing List
  • Patch
  • Third Party Advisory
[oss-security] 20110124 Re: CVE request: linux kernel heap issues
  • Mailing List
  • Patch
  • Third Party Advisory
[oss-security] 20110125 Re: CVE request: linux kernel heap issues
  • Mailing List
  • Patch
  • Third Party Advisory
45972
  • Third Party Advisory
  • VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=672428
  • Issue Tracking
  • Patch
  • Third Party Advisory
[oss-security] 20110128 Re: CVE request: linux kernel heap issues
  • Mailing List
  • Patch
  • Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
  • Broken Link
46397
  • Broken Link
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
  • Third Party Advisory
USN-1146-1
  • Third Party Advisory
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
  • Third Party Advisory
  • VDB Entry
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b00916b189d13a615ff05c9242201135992fcda3

      1. Configuration 1

        cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
        End excliding
        2.6.36

        Configuration 2

        cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*
        cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*

        Configuration 3

        cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.3
    Back to top