CVE-2010-4077
Published: 2010-11-29
Priority P412 · low · 1.9 (CVSS 2.0)
AV:L/AC:M/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 1.04% (59.7th percentile)
The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | <= 2.6.36.1 | — |
CVSS provenance
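| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 1.9 | LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N |
| vendor_ubuntu | — | 6.9 | MEDIUM | — |
| vendor_redhat | — | 1.9 | LOW | — |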
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-09-29·CVSS 1.9
CVE-2010-4076 [LOW] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)
Alex Shi and Eric Dumazet discovered that the network stack did not
correctly handle packet backlogs. A remote attacker could exploit this by
sending a large amount of network traffic to cause the system to run out of
memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805)
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about program
Ubuntu
Linux kernel (EC2) vulnerabilities
vendor_ubuntu·2011-09-26·CVSS 1.9
CVE-2010-4076 [LOW] Linux kernel (EC2) vulnerabilities
Title: Linux kernel (EC2) vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)
Alex Shi and Eric Dumazet discovered that the network stack did not
correctly handle packet backlogs. A remote attacker could exploit this by
sending a large amount of network traffic to cause the system to run out of
memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805)
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about p
Ubuntu
Linux kernel (Marvel DOVE) vulnerabilities
vendor_ubuntu·2011-09-14·CVSS 1.9
CVE-2011-2213 [LOW] Linux kernel (Marvel DOVE) vulnerabilities
Title: Linux kernel (Marvel DOVE) vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)
Alex Shi and Eric Dumazet discovered that the network stack did not
correctly handle packet backlogs. A remote attacker could exploit this by
sending a large amount of network traffic to cause the system to run out of
memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805)
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2011-09-13·CVSS 2.1
CVE-2011-1171 [LOW] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that several network ioctls did not clear kernel
memory correctly. A local user could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297)
Brad Spengler discovered that stack memory for a new process was not
correctly calculated. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-3858)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Dan Rosenberg discovered that the CAN protocol on 64bit systems did not
correctly calculate the size of
Ubuntu
Linux kernel (i.MX51) vulnerabilities
vendor_ubuntu·2011-09-13·CVSS 6.9
CVE-2011-2918 [MEDIUM] Linux kernel (i.MX51) vulnerabilities
Title: Linux kernel (i.MX51) vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)
Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy. (CVE-2010-4158)
Dan Rosenberg discovered t
Ubuntu
Linux kernel (Marvel DOVE) vulnerabilities
vendor_ubuntu·2011-09-13·CVSS 1.9
CVE-2011-2700 [LOW] Linux kernel (Marvel DOVE) vulnerabilities
Title: Linux kernel (Marvel DOVE) vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)
Alex Shi and Eric Dumazet discovered that the network stack did not
correctly handle packet backlogs. A remote attacker could exploit this by
sending a large amount of network traffic to cause the system to run out of
memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805)
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details
Ubuntu
Linux kernel (Maverick backport) vulnerabilities
vendor_ubuntu·2011-08-09·CVSS 4.9
CVE-2010-3698 [MEDIUM] Linux kernel (Maverick backport) vulnerabilities
Title: Linux kernel (Maverick backport) vulnerabilities
Summary: Multiple kernel flaws have been fixed.
It was discovered that KVM did not correctly initialize certain CPU
registers. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2010-3698)
Thomas Pollet discovered that the RDS network protocol did not check
certain iovec buffers. A local attacker could exploit this to crash the
system or possibly execute arbitrary code as the root user. (CVE-2010-3865)
Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did
not correctly clear kernel memory. A local attacker could exploit this to
read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)
Vasiliy Kulikov discovered that the Linux kernel sockets implementation
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-08-03·CVSS 1.9
CVE-2010-4076 [LOW] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)
Neil Horman discovered that NFSv4 did not correctly handle certain orders
of operation with ACL data. A remote attacker with access to an NFSv4 mount
could exploit this to crash the system, leading to a denial of service.
(CVE-2011-1090)
Timo Warns discovered that OSF partition parsing routines did not correctly
clear memory. A local attacker with physical access could plug in a
specially crafted block device to read kernel memory, leading to a loss of
privacy. (CVE-2
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-07-15·CVSS 1.9
CVE-2010-4247 [LOW] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)
It was discovered that Xen did not correctly handle certain block requests.
A local attacker in a Xen guest could cause the Xen host to use all
available CPU resources, leading to a denial of service. (CVE-2010-4247)
It was discovered that the ICMP stack did not correctly handle certain
unreachable messages. If a remote attacker were able to acquire a socket
lock, they could send specially crafted traffic that would crash the
system, leading to a denial of service. (C
Ubuntu
Linux Kernel vulnerabilities
vendor_ubuntu·2011-03-25·CVSS 1.9
CVE-2010-4075 [LOW] Linux Kernel vulnerabilities
Title: Linux Kernel vulnerabilities
Summary: A local attacker could exploit this to run programs with administrator
privileges.
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4075, CVE-2010-4077)
Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy. (CVE-2010-4158)
Dan Rosenberg discovered that certain iovec operations did not calculate
page counts correctly. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-03-18·CVSS 1.9
CVE-2010-4075 [LOW] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple kernel vulnerabilities.
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)
Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy. (CVE-2010-4158)
Dan Rosenberg discovered that certain iovec operations did not calculate
page counts correctly. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4162)
Dan Rosenberg discovered that
Red Hat
kernel: drivers/char/nozomi.c: reading uninitialized stack memory
vendor_redhat·2010-09-15·CVSS 1.9
CVE-2010-4077 [LOW] kernel: drivers/char/nozomi.c: reading uninitialized stack memory
The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4, and 5 as they did not include support for GlobeTrotter
HSDPA PCMCIA card.
GHSA
GHSA-p48g-5p2g-7p87: The ntty_ioctl_tiocgicount function in drivers/char/nozomi
ghsa_unreviewed·2022-05-13
CVE-2010-4077 [LOW] CWE-200 GHSA-p48g-5p2g-7p87: The ntty_ioctl_tiocgicount function in drivers/char/nozomi
The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
No detection rules found.
References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d281da7ff6f70efca0553c288bb883e8605b3862
http://lkml.indiana.edu/hypermail//linux/kernel/1009.1/03387.html
http://secunia.com/advisories/42890
http://securityreason.com/securityalert/8129
http://www.openwall.com/lists/oss-security/2010/09/25/2
http://www.openwall.com/lists/oss-security/2010/10/06/6
http://www.openwall.com/lists/oss-security/2010/10/07/1
http://www.openwall.com/lists/oss-security/2010/10/25/3
http://www.redhat.com/support/errata/RHSA-2010-0958.html
http://www.redhat.com/support/errata/RHSA-2011-0007.html
http://www.securityfocus.com/bid/45059
https://bugzilla.redhat.com/show_bug.cgi?id=648663