Rapid7 Vulnerability & Exploit Database

SUSE Linux Security Vulnerability: CVE-2010-4074

Severity: 2
CVSS: (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Published: 11/29/2010
Created: 07/25/2018
Added: 11/18/2015
Modified: 07/04/2017

Description

The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c.

Solution(s)

  • suse-upgrade-brocade-bna-kmp-rt
  • suse-upgrade-cluster-network-kmp-rt
  • suse-upgrade-cluster-network-kmp-rt_trace
  • suse-upgrade-drbd-kmp-rt
  • suse-upgrade-drbd-kmp-rt_trace
  • suse-upgrade-iscsitarget-kmp-rt
  • suse-upgrade-kernel-rt
  • suse-upgrade-kernel-rt-base
  • suse-upgrade-kernel-rt-devel
  • suse-upgrade-kernel-rt_trace
  • suse-upgrade-kernel-rt_trace-base
  • suse-upgrade-kernel-rt_trace-devel
  • suse-upgrade-kernel-source-rt
  • suse-upgrade-kernel-syms-rt
  • suse-upgrade-ocfs2-kmp-rt
  • suse-upgrade-ocfs2-kmp-rt_trace
  • suse-upgrade-ofed-kmp-rt
  • suse-upgrade-suse-linux-enterprise-rt-release
