CVE-2010-4072
CVE-2010-4072 is a vulnerability of currently unknown severity. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | < 2.6.37 | — |
| Linux | Linux Kernel | 2.6.37 | — |
| openSUSE | openSUSE | 11.3 | — |
| SUSE | Linux Enterprise Desktop | 10 | SP3 |
| SUSE | Linux Enterprise Desktop | 11 | SP1 |
| SUSE | Linux Enterprise Real Time Extension | 11 | SP1 |
| SUSE | Linux Enterprise Server | 9 | — |
| SUSE | Linux Enterprise Server | 10 | SP3 |
| SUSE | Linux Enterprise Server | 11 | SP1 |
| SUSE | Linux Enterprise Software Development Kit | 10 | SP3 |
| Debian | Debian Linux | 5.0 | — |
| Canonical | Ubuntu Linux | 6.06 | — |
| Canonical | Ubuntu Linux | 9.10 | — |
| Canonical | Ubuntu Linux | 10.04 | — |
| Canonical | Ubuntu Linux | 10.10 | — |
References
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html (Mailing List, Third Party Advisory)
- http://lkml.org/lkml/2010/10/6/454 (Patch, Third Party Advisory)
- http://secunia.com/advisories/42758 (Third Party Advisory)
- http://secunia.com/advisories/42778 (Third Party Advisory)
- http://secunia.com/advisories/42884 (Third Party Advisory)
- http://secunia.com/advisories/42890 (Third Party Advisory)
- http://secunia.com/advisories/42932 (Third Party Advisory)
- http://secunia.com/advisories/42963 (Third Party Advisory)
- http://secunia.com/advisories/43161 (Third Party Advisory)
- http://secunia.com/advisories/43291 (Third Party Advisory)
- http://secunia.com/advisories/46397 (Third Party Advisory)
- http://www.debian.org/security/2010/dsa-2126 (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2010/10/07/1 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2010/10/25/3 (Mailing List, Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0958.html (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2011-0007.html (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2011-0017.html (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2011-0162.html (Third Party Advisory)
- http://www.securityfocus.com/archive/1/520102/100/0/threaded (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/45054 (Third Party Advisory, VDB Entry)
- http://www.ubuntu.com/usn/USN-1041-1 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-1057-1 (Third Party Advisory)
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html (Third Party Advisory)
- http://www.vupen.com/english/advisories/2011/0012 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2011/0070 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2011/0124 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2011/0168 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2011/0280 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2011/0298 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2011/0375 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=648656 (Issue Tracking, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
