1. Home
  2. Vulnerabilities
  3. CVE-2010-4074

CVE-2010-4074

CVSS v2.0 1.9 (Low)
19% Progress
EPSS 0.04 % (11th)
0.04% Progress
Affected Products 2
Advisories 6
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2010-11-29 16:00:02
(14 years ago)
Updated Date
2023-11-07 02:06:05
(10 months ago)

Affected Products

Debian

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel prior 2.6.36 version cpe:2.3:o:linux:linux_kernel < 2.6.36
  Linux Kernel 2.6.36 cpe:2.3:o:linux:linux_kernel:2.6.36:-
  Linux Kernel 2.6.36 Rc1 cpe:2.3:o:linux:linux_kernel:2.6.36:rc1
  Linux Kernel 2.6.36 Rc2 cpe:2.3:o:linux:linux_kernel:2.6.36:rc2
  Linux Kernel 2.6.36 Rc3 cpe:2.3:o:linux:linux_kernel:2.6.36:rc3
  Linux Kernel 2.6.36 Rc4 cpe:2.3:o:linux:linux_kernel:2.6.36:rc4

Configuration #2

    CPE23 From Up To
  Debian Linux 5.0 cpe:2.3:o:debian:debian_linux:5.0