CVE-2010-4655
published 2011-07-18CVE-2010-4655: net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| linux | linux_kernel | < 2.6.36 | 2.6.36 |
| vmware | esx | — | — |
| vmware | esx | — | — |
| vmware | vmware_esxi | — | — |
| vmware | vmware_workstation | — | — |
| vmware | vsphere | — | — |