Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2010-4158

Disclosure Date: December 30, 2010 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Products

References

Canonical

CVE-2010-4158 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4158)

BID-44758 (http://www.securityfocus.com/bid/44758)

Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html

SECUNIA-42778 (http://secunia.com/advisories/42778)

SECUNIA-42801 (http://secunia.com/advisories/42801)

20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (http://www.securityfocus.com/archive/1/520102/100/0/threaded)

http://www.redhat.com/support/errata/RHSA-2011-0017.html

SECUNIA-46397 (http://secunia.com/advisories/46397)

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html

FEDORA-2010-18983 (http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html)

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html

SECUNIA-42932 (http://secunia.com/advisories/42932)

http://www.redhat.com/support/errata/RHSA-2011-0007.html

ADV-2011-0124 (http://www.vupen.com/english/advisories/2011/0124)

[netdev] 20101109 [PATCH] Prevent reading uninitialized memory with socket filters (http://www.spinics.net/lists/netdev/msg146361.html)

20101118 Re: Kernel 0-day (http://www.securityfocus.com/archive/1/514845)

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html

ADV-2010-3321 (http://www.vupen.com/english/advisories/2010/3321)

ADV-2011-0298 (http://www.vupen.com/english/advisories/2011/0298)

http://www.redhat.com/support/errata/RHSA-2010-0958.html

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2

SECUNIA-42963 (http://secunia.com/advisories/42963)

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

SECUNIA-42884 (http://secunia.com/advisories/42884)

ADV-2011-0375 (http://www.vupen.com/english/advisories/2011/0375)

SECUNIA-42890 (http://secunia.com/advisories/42890)

https://bugzilla.redhat.com/show_bug.cgi?id=651698

http://www.redhat.com/support/errata/RHSA-2011-0162.html

ADV-2011-0012 (http://www.vupen.com/english/advisories/2011/0012)

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html

ADV-2011-0168 (http://www.vupen.com/english/advisories/2011/0168)

http://www.mandriva.com/security/advisories?name=MDVSA-2011:029

SECUNIA-42745 (http://secunia.com/advisories/42745)

SECUNIA-43291 (http://secunia.com/advisories/43291)

20101109 Kernel 0-day (http://www.securityfocus.com/archive/1/514705)

http://git.kernel.org?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=57fe93b374a6b8711995c2d466c502af9f3a08bb

20101109 Kernel 0-day (http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077321.html)

Miscellaneous

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=57fe93b374a6b8711995c2d466c502af9f3a08bb

Rapid7

Technical Analysis