CVE-2010-3861 — Sensitive Information Exposure in Kernel

CWE-200 — Sensitive Information Exposure12 documents7 sources

Severity

2.1LOWNVD

CNA7.2

EPSS

0.1%

top 83.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Canonical Ubuntu Linux Opensuse +3 more

Timeline

PublishedDec 10

Latest updateMay 13

Description

The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages5 packages

▶NVDlinux/linux_kernel< 2.6.36

▶NVDsuse/linux_enterprise_server11

▶NVDsuse/linux_enterprise_desktop11

▶NVDsuse/linux_enterprise_real_time_extension11

▶NVDopensuse/opensuse11.2, 11.3+1

Also affects: Ubuntu Linux 10.04, 10.10, 9.10

Patches

Patch: openwall.com ↗Patch: openwall.com ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-fp8j-xh66-8w79: The ethtool_get_rxnfc function in net/core/ethtool↗2022-05-13

▶

CVEList

CVE-2010-3861: The ethtool_get_rxnfc function in net/core/ethtool↗2010-12-10

▶

💥Exploits & PoCs

Exploit-DB

SafeNet SoftRemote - GROUPNAME Buffer Overflow (Metasploit)↗2010-11-11

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-04-20

▶

Ubuntu

Linux Kernel vulnerabilities (Marvell Dove)↗2011-03-25

▶

Ubuntu

Linux kernel vulnerabilities↗2011-03-03

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-28

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-25

▶

💬Community

Bugzilla

CVE-2010-3861 kernel: heap contents leak from ETHTOOL_GRXCLSRLALL↗2010-10-26

▶