CVE-2010-4158

CVSS v2.0 2.1 (Low)

EPSS 0.04 % (11^th)

Affected Products 7

Advisories 16

The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.

Weaknesses

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Related CVEs

CVE-2010-4161

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2010-12-30 19:00:03
(13 years ago)
Updated Date: 2023-02-13 04:27:31
(19 months ago)

Affected Products

Suse

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 2.6.36.2 version	cpe:2.3:o:linux:linux_kernel		< 2.6.36.2

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 13	cpe:2.3:o:fedoraproject:fedora:13

Configuration #3

		CPE23	From	Up To
	Opensuse 11.2	cpe:2.3:o:opensuse:opensuse:11.2
	Opensuse 11.3	cpe:2.3:o:opensuse:opensuse:11.3
	Suse Linux Enterprise Desktop 10 SP3	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3
	Suse Linux Enterprise Desktop 11 SP1	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1
	Suse Linux Enterprise Real Time Extension 11 SP1	cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1
	Suse Linux Enterprise Server 9	cpe:2.3:o:suse:linux_enterprise_server:9
	Suse Linux Enterprise Server 10 SP3	cpe:2.3:o:suse:linux_enterprise_server:10:sp3
	Suse Linux Enterprise Server 11 SP1	cpe:2.3:o:suse:linux_enterprise_server:11:sp1
	Suse Linux Enterprise Software Development Kit 10 SP3	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3

Weaknesses

Related CVEs

Affected Products

Fedoraproject

Linux

Opensuse

Suse

Configuration #1

Configuration #2

Configuration #3