The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call.
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://lkml.org/lkml/2010/9/11/170
http://secunia.com/advisories/41440
http://secunia.com/advisories/42758
http://secunia.com/advisories/42884
http://secunia.com/advisories/46397
http://www.debian.org/security/2010/dsa-2126
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc5
http://www.openwall.com/lists/oss-security/2010/09/14/2
http://www.openwall.com/lists/oss-security/2010/09/14/7
http://www.redhat.com/support/errata/RHSA-2011-0017.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.securityfocus.com/bid/43221
http://www.ubuntu.com/usn/USN-1041-1
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://www.vupen.com/english/advisories/2011/0070
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.36:rc2:*:*:*:*:*:*
OR
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*
OR
OR
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
89680 | VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0012) (remote check) | Nessus | Misc. | high |
79507 | OracleVM 2.2 : kernel (OVMSA-2013-0039) | Nessus | OracleVM Local Security Checks | critical |
75550 | openSUSE Security Update : kernel (openSUSE-SU-2010:0655-1) | Nessus | SuSE Local Security Checks | high |
68247 | Oracle Linux 6 : kernel (ELSA-2011-0421) | Nessus | Oracle Linux Local Security Checks | high |
65101 | Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1083-1) | Nessus | Ubuntu Local Security Checks | critical |
65103 | Ubuntu 10.04 LTS / 10.10 : linux-mvl-dove vulnerabilities (USN-1093-1) | Nessus | Ubuntu Local Security Checks | high |
61012 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
56508 | VMSA-2011-0012 : VMware ESXi and ESX updates to third-party libraries and ESX Service Console | Nessus | VMware ESX Local Security Checks | high |
56190 | USN-1202-1 : linux-ti-omap4 vulnerabilities | Nessus | Ubuntu Local Security Checks | high |
53669 | openSUSE Security Update : kernel (openSUSE-SU-2010:0895-2) | Nessus | SuSE Local Security Checks | high |
53328 | RHEL 6 : kernel (RHSA-2011:0421) | Nessus | Red Hat Local Security Checks | high |
52475 | Ubuntu 8.04 LTS : linux vulnerabilities (USN-1072-1) | Nessus | Ubuntu Local Security Checks | high |
51612 | SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 3276 / 3280 / 3284) | Nessus | SuSE Local Security Checks | high |
51522 | RHEL 5 : kernel (RHSA-2011:0017) | Nessus | Red Hat Local Security Checks | medium |
51453 | Ubuntu 9.10 / 10.04 LTS / 10.10 : linux, linux-ec2 vulnerabilities (USN-1041-1) | Nessus | Ubuntu Local Security Checks | high |
50925 | SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 3358 / 3361 / 3362) | Nessus | SuSE Local Security Checks | high |
50825 | Debian DSA-2126-1 : linux-2.6 - privilege escalation/denial of service/information leak | Nessus | Debian Local Security Checks | high |
49671 | openSUSE Security Update : kernel (openSUSE-SU-2010:0664-1) | Nessus | SuSE Local Security Checks | critical |