| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-3510 |
399 |
|
DoS +Info |
2012-10-03 |
2013-04-18 |
5.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Complete |
|
Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. |
|
2 |
CVE-2011-2898 |
264 |
|
+Info |
2012-05-24 |
2012-05-29 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application. |
|
3 |
CVE-2011-2707 |
20 |
|
+Info |
2012-05-24 |
2012-05-29 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request. |
|
4 |
CVE-2011-2492 |
200 |
|
+Info |
2011-07-28 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. |
|
5 |
CVE-2011-1776 |
119 |
|
DoS Overflow +Info |
2011-09-06 |
2012-05-17 |
5.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Complete |
|
The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. |
|
6 |
CVE-2011-1495 |
20 |
|
DoS +Priv Mem. Corr. +Info |
2011-05-03 |
2012-04-27 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions. |
|
7 |
CVE-2011-1173 |
200 |
|
+Info |
2011-06-22 |
2012-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet. |
|
8 |
CVE-2011-1172 |
200 |
|
+Info |
2011-06-22 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. |
|
9 |
CVE-2011-1171 |
200 |
|
+Info |
2011-06-22 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. |
|
10 |
CVE-2011-1170 |
200 |
|
+Info |
2011-06-22 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. |
|
11 |
CVE-2011-1163 |
20 |
|
+Info |
2011-04-09 |
2013-01-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing. |
|
12 |
CVE-2011-1044 |
119 |
|
Overflow +Info |
2011-02-18 |
2013-01-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649. |
|
13 |
CVE-2011-1020 |
264 |
|
DoS +Info |
2011-02-28 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. |
|
14 |
CVE-2011-1017 |
119 |
|
Overflow +Priv +Info |
2011-03-01 |
2012-03-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table. |
|
15 |
CVE-2011-0711 |
200 |
|
+Info |
2011-03-01 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call. |
|
16 |
CVE-2011-0710 |
200 |
|
+Info |
2011-02-18 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The task_show_regs function in arch/s390/kernel/traps.c in the Linux kernel before 2.6.38-rc4-next-20110216 on the s390 platform allows local users to obtain the values of the registers of an arbitrary process by reading a status file under /proc/. |
|
17 |
CVE-2011-0463 |
20 |
|
+Info |
2011-04-09 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file. |
|
18 |
CVE-2010-4655 |
200 |
|
+Info |
2011-07-18 |
2012-03-19 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. |
|
19 |
CVE-2010-4565 |
200 |
|
+Info |
2010-12-29 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename. |
|
20 |
CVE-2010-4529 |
189 |
|
+Info |
2011-01-13 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call. |
|
21 |
CVE-2010-4527 |
119 |
|
Overflow +Priv +Info |
2011-01-13 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call. |
|
22 |
CVE-2010-4158 |
200 |
|
+Info |
2010-12-30 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter. |
|
23 |
CVE-2010-4083 |
200 |
|
+Info |
2010-11-30 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call. |
|
24 |
CVE-2010-4082 |
200 |
|
+Info |
2010-11-30 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call. |
|
25 |
CVE-2010-4081 |
200 |
|
+Info |
2010-11-30 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call. |
|
26 |
CVE-2010-4080 |
200 |
|
+Info |
2010-11-30 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call. |
|
27 |
CVE-2010-4079 |
200 |
|
+Info |
2010-11-29 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. |
|
28 |
CVE-2010-4078 |
200 |
|
+Info |
2010-11-29 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. |
|
29 |
CVE-2010-4077 |
200 |
|
+Info |
2010-11-29 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. |
|
30 |
CVE-2010-4076 |
200 |
|
+Info |
2010-11-29 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. |
|
31 |
CVE-2010-4075 |
200 |
|
+Info |
2010-11-29 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. |
|
32 |
CVE-2010-4074 |
200 |
|
+Info |
2010-11-29 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c. |
|
33 |
CVE-2010-4073 |
200 |
|
+Info |
2010-11-29 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c. |
|
34 |
CVE-2010-4072 |
200 |
|
+Info |
2010-11-29 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface." |
|
35 |
CVE-2010-3881 |
200 |
|
+Info |
2010-12-23 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device. |
|
36 |
CVE-2010-3877 |
200 |
|
+Info |
2011-01-03 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. |
|
37 |
CVE-2010-3876 |
200 |
|
+Info |
2011-01-03 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures. |
|
38 |
CVE-2010-3875 |
200 |
|
+Info |
2011-01-03 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. |
|
39 |
CVE-2010-3861 |
200 |
|
+Info |
2010-12-10 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478. |
|
40 |
CVE-2010-3477 |
399 |
|
+Info |
2010-09-21 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942. |
|
41 |
CVE-2010-3437 |
189 |
1
|
DoS +Info |
2010-10-04 |
2012-03-19 |
6.6 |
None |
Local |
Low |
Not required |
Complete |
None |
Complete |
|
Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. |
|
42 |
CVE-2010-3298 |
200 |
|
+Info |
2010-09-30 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. |
|
43 |
CVE-2010-3297 |
200 |
|
+Info |
2010-09-30 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call. |
|
44 |
CVE-2010-3296 |
200 |
|
+Info |
2010-09-30 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call. |
|
45 |
CVE-2010-3078 |
399 |
|
+Info |
2010-09-21 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. |
|
46 |
CVE-2010-2955 |
189 |
|
+Info |
2010-09-08 |
2012-03-19 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size. |
|
47 |
CVE-2010-2943 |
200 |
|
+Info |
2010-09-30 |
2012-03-19 |
7.9 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
None |
|
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. |
|
48 |
CVE-2010-2942 |
399 |
|
+Info |
2010-09-21 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. |
|
49 |
CVE-2010-2803 |
200 |
|
+Info |
2010-09-08 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount. |
|
50 |
CVE-2010-2538 |
189 |
|
Overflow +Info |
2010-09-30 |
2012-03-19 |
4.7 |
None |
Local |
Medium |
Not required |
Complete |
None |
None |
|
Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call. |
