~ubuntu-security/ubuntu-cve-tracker/master : contents of retired/CVE-2010-4074 at revision 13266

~ubuntu-security/ubuntu-cve-tracker/master : (revision 13266)
PublicDateAtUSN: 2010-11-29
Candidate: CVE-2010-4074
PublicDate: 2010-11-29
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4074
 http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc5
 http://lkml.org/lkml/2010/9/15/392
 http://www.ubuntu.com/usn/usn-1072-1
 http://www.ubuntu.com/usn/usn-1073-1
 http://www.ubuntu.com/usn/usn-1074-1
 http://www.ubuntu.com/usn/usn-1074-2
Description:
 The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly
 initialize certain structure members, which allows local users to obtain
 potentially sensitive information from kernel stack memory via vectors
 related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in
 drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in
 drivers/usb/serial/mos7840.c.
Ubuntu-Description:
 Dan Rosenberg discovered that the USB subsystem did not correctly
 initialize certian structures. A local attacker could exploit this to read
 kernel stack memory, leading to a loss of privacy.
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=648659
Priority: low
Discovered-by:
Assigned-to:

Patches_linux-source-2.6.15:
upstream_linux-source-2.6.15: released (2.6.36~rc5)
dapper_linux-source-2.6.15: not-affected
hardy_linux-source-2.6.15: DNE
karmic_linux-source-2.6.15: DNE
lucid_linux-source-2.6.15: DNE
maverick_linux-source-2.6.15: DNE
devel_linux-source-2.6.15: DNE

Patches_linux:
 upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a0846f1868b11cd827bdfeaf4527d8b1b1c0b098
upstream_linux: released (2.6.36~rc5)
dapper_linux: DNE
hardy_linux: released (2.6.24-28.86)
karmic_linux: released (2.6.31-22.73)
lucid_linux: not-affected
maverick_linux: not-affected
devel_linux: not-affected

upstream_linux-ec2: released (2.6.36~rc5)
dapper_linux-ec2: DNE
hardy_linux-ec2: DNE
karmic_linux-ec2: released (2.6.31-307.27)
lucid_linux-ec2: not-affected
maverick_linux-ec2: ignored (binary supplied by "linux" now)
devel_linux-ec2: DNE

Patches_linux-ti-omap4:
upstream_linux-ti-omap4: released (2.6.36~rc5)
dapper_linux-ti-omap4: DNE
hardy_linux-ti-omap4: DNE
karmic_linux-ti-omap4: DNE
lucid_linux-ti-omap4: DNE
maverick_linux-ti-omap4: not-affected
devel_linux-ti-omap4: not-affected

upstream_linux-lts-backport-maverick: released (2.6.36~rc5)
dapper_linux-lts-backport-maverick: DNE
hardy_linux-lts-backport-maverick: DNE
karmic_linux-lts-backport-maverick: DNE
lucid_linux-lts-backport-maverick: not-affected
maverick_linux-lts-backport-maverick: DNE
devel_linux-lts-backport-maverick: DNE

Patches_linux-mvl-dove:
upstream_linux-mvl-dove: released (2.6.36~rc5)
dapper_linux-mvl-dove: DNE
hardy_linux-mvl-dove: DNE
karmic_linux-mvl-dove: ignored (abandonded branch)
lucid_linux-mvl-dove: not-affected
maverick_linux-mvl-dove: not-affected
devel_linux-mvl-dove: DNE

Patches_linux-fsl-imx51:
upstream_linux-fsl-imx51: released (2.6.36~rc5)
dapper_linux-fsl-imx51: DNE
hardy_linux-fsl-imx51: DNE
karmic_linux-fsl-imx51: released (2.6.31-112.30)
lucid_linux-fsl-imx51: released (2.6.31-608.22)
maverick_linux-fsl-imx51: DNE
devel_linux-fsl-imx51: DNE