Description
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- Canonical / Ubuntu Linux10.10 – 10.10
- Canonical / Ubuntu Linux6.06 – 6.06
- Canonical / Ubuntu Linux8.04 – 8.04
- Canonical / Ubuntu Linux9.04 – 9.04
- Canonical / Ubuntu Linux9.10 – 9.10
- Canonical / Ubuntu Linux10.04 – 10.04
- Linux / Linux kernel2.6.36 – 2.6.36
- Linux / Linux kernel2.6.36 – 2.6.36
- Linux / Linux kernel2.6.35.4
- Linux / Linux kernel2.6.36 – 2.6.36
- Linux / Linux kernel2.6.36 – 2.6.36
- openSUSE / opensuse11.1 – 11.1
- openSUSE / opensuse11.3 – 11.3
- SUSE / suse_linux_enterprise_desktop11 – 11
- SUSE / SUSE Linux Enterprise Server11 – 11
- VMware / esx4.0 – 4.0
- VMware / esx4.1 – 4.1
References
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2010/09/07/1
- VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-1000-1
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html
- MISChttp://www.linux.sgi.com/archives/xfs-masters/2010-09/msg00002.html
- MISChttp://www.securityfocus.com/archive/1/520102/100/0/threaded
- MISChttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9
- VENDOR_ADVISORYhttp://secunia.com/advisories/46397
- MISChttp://www.redhat.com/support/errata/RHSA-2011-0007.html
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/2430
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0298
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html
- MISChttp://www.redhat.com/support/errata/RHSA-2010-0839.html
- VENDOR_ADVISORYhttp://www.vmware.com/security/advisories/VMSA-2011-0012.html
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2010/09/07/12
- VENDOR_ADVISORYhttp://secunia.com/advisories/42890
- MISChttp://securitytracker.com/id?1024418
- VENDOR_ADVISORYhttp://secunia.com/advisories/41284
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=630804
- MISChttp://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc4
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
- MISChttp://www.securityfocus.com/bid/43022
- VENDOR_ADVISORYhttp://secunia.com/advisories/41512