Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-4525

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2010-4525
Last Modified 19 Mar 2012 12:00:00
Published 10 Jan 2011 10:00:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2010-4525

Summary

Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.33

  • Linux Kernel 2.6.34


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4525

XF - kernel-kvmvcpueventsinterrupt-info-disc(64519)

VUPEN - ADV-2011-0123

BID - 45676

REDHAT - RHSA-2011:0028

REDHAT - RHSA-2011:0007

MLIST - [oss-security] 20110106 Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak

MLIST - [oss-security] 20110105 Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak

MLIST - [oss-security] 20110105 CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak

SECUNIA - 42890

OSVDB - 70377


Last Updated: 27 May 2016 10:49:34