1.9
CVE-2010-4072
- EPSS 0.1%
- Published 29.11.2010 16:00:02
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 2.6.37
Linux ≫ Linux Kernel Version2.6.37 Update-
Suse ≫ Linux Enterprise Desktop Version10 Updatesp3
Suse ≫ Linux Enterprise Desktop Version11 Updatesp1
Suse ≫ Linux Enterprise Real Time Extension Version11 Updatesp1
Suse ≫ Linux Enterprise Server Version9
Suse ≫ Linux Enterprise Server Version10 Updatesp3
Suse ≫ Linux Enterprise Server Version11 Updatesp1
Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp3
Debian ≫ Debian Linux Version5.0
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version9.10
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Canonical ≫ Ubuntu Linux Version10.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.24 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 1.9 | 3.4 | 2.9 |
AV:L/AC:M/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.