CVE-2010-3881

CWE-200 — Information Exposure10 documents6 sources

Severity

2.1LOW

EPSS

0.1%

top 77.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Redhat Enterprise Linux Server Redhat Enterprise Linux Workstation +3 more

Timeline

PublishedDec 23

Latest updateMay 13

Description

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages6 packages

▶NVDlinux/linux_kernel< 2.6.36.2

▶NVDredhat/enterprise_linux_server6.0

▶NVDsuse/suse_linux_enterprise_server11

▶NVDsuse/suse_linux_enterprise_desktop11

▶NVDredhat/enterprise_linux_workstation6.0

Patches

Patch: openwall.com ↗Patch: openwall.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-7ggg-v588-6483: arch/x86/kvm/x86↗2022-05-13

▶

CVEList

CVE-2010-3881: arch/x86/kvm/x86↗2010-12-23

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Maverick backport) vulnerabilities↗2011-08-09

▶

Ubuntu

Linux kernel vulnerabilities (EC2)↗2011-07-13

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-04-20

▶

Ubuntu

Linux Kernel vulnerabilities (Marvell Dove)↗2011-03-25

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-01

▶

💬Community

Bugzilla

CVE-2010-3881 kvm: arch/x86/kvm/x86.c: reading uninitialized stack memory↗2010-11-04

▶