DescriptionThe Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SA:2009:051, published Mon, 02 Nov 2009 15:00:00 +0000
- SUSE-SA:2009:054, published Wed, 11 Nov 2009 15:00:00 +0000
- SUSE-SA:2009:056, published Mon, 16 Nov 2009 13:00:00 +0000
- SUSE-SA:2010:012, published Mon, 15 Feb 2010 16:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 07:00:06 2013
CVE page last modified: Tue Nov 29 00:38:24 2022