1.9
CVE-2010-4073
- EPSS 0.24%
- Veröffentlicht 29.11.2010 16:00:02
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 2.6.37
Suse ≫ Linux Enterprise Desktop Version10 Updatesp3
Suse ≫ Linux Enterprise Desktop Version11 Updatesp1
Suse ≫ Linux Enterprise Real Time Extension Version11 Updatesp1
Suse ≫ Linux Enterprise Server Version9
Suse ≫ Linux Enterprise Server Version10 Updatesp3
Suse ≫ Linux Enterprise Server Version11 Updatesp1
Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp3
Debian ≫ Debian Linux Version5.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.472 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 1.9 | 3.4 | 2.9 |
AV:L/AC:M/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.