CVE-2010-2942
Summary
| CVE | CVE-2010-2942 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-09-21 18:00:00 UTC |
| Updated | 2023-02-13 04:21:00 UTC |
| Description | The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. |
Risk And Classification
Problem Types: CWE-401
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Avaya | Aura Communication Manager | 5.2 | All | All | All |
| Application | Avaya | Aura Presence Services | 6.0 | All | All | All |
| Application | Avaya | Aura Presence Services | 6.1 | All | All | All |
| Application | Avaya | Aura Presence Services | 6.1.1 | All | All | All |
| Application | Avaya | Aura Session Manager | 1.1 | All | All | All |
| Application | Avaya | Aura Session Manager | 5.2 | All | All | All |
| Application | Avaya | Aura Session Manager | 6.0 | All | All | All |
| Application | Avaya | Aura System Manager | 5.2 | All | All | All |
| Application | Avaya | Aura System Manager | 6.0 | All | All | All |
| Application | Avaya | Aura System Manager | 6.1 | All | All | All |
| Application | Avaya | Aura System Manager | 6.1.1 | All | All | All |
| Application | Avaya | Aura System Platform | 1.1 | All | All | All |
| Application | Avaya | Aura System Platform | 6.0 | - | All | All |
| Application | Avaya | Aura System Platform | 6.0 | sp1 | All | All |
| Application | Avaya | Iq | 5.0 | All | All | All |
| Application | Avaya | Iq | 5.1 | All | All | All |
| Application | Avaya | Voice Portal | 5.0 | All | All | All |
| Application | Avaya | Voice Portal | 5.1 | - | All | All |
| Application | Avaya | Voice Portal | 5.1 | sp1 | All | All |
| Operating System | Canonical | Ubuntu Linux | 10.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 10.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 6.06 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 8.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 9.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 9.10 | All | All | All |
| Operating System | Linux | Linux Kernel | 2.6.36 | - | All | All |
| Operating System | Linux | Linux Kernel | 2.6.36 | rc1 | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Opensuse | Opensuse | 11.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 11.3 | All | All | All |
| Operating System | Suse | Suse Linux Enterprise Desktop | 10 | sp3 | All | All |
| Operating System | Suse | Suse Linux Enterprise Desktop | 11 | - | All | All |
| Operating System | Suse | Suse Linux Enterprise Desktop | 11 | sp1 | All | All |
| Operating System | Suse | Suse Linux Enterprise Server | 10 | sp3 | All | All |
| Operating System | Suse | Suse Linux Enterprise Server | 11 | - | All | All |
| Operating System | Suse | Suse Linux Enterprise Server | 11 | sp1 | All | All |
| Operating System | Vmware | Esx | 4.0 | All | All | All |
| Operating System | Vmware | Esx | 4.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [security-announce] SUSE Security Announcement: Realtime Linux Kernel (S | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Broken Link |
| [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20 | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| net sched: fix some kernel memory leaks - Patchwork | CONFIRM | patchwork.ozlabs.org | Mailing List, Patch, Third Party Advisory |
| Support | REDHAT | www.redhat.com | Broken Link |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | Third Party Advisory, VDB Entry |
| git.kernel.org | CONFIRM | git.kernel.org | Broken Link |
| oss-security - CVE request - kernel: net sched memleak | MLIST | www.openwall.com | Mailing List, Patch, Third Party Advisory |
| oss-security - Re: CVE request - kernel: net sched memleak | MLIST | www.openwall.com | Mailing List, Patch, Third Party Advisory |
| USN-1000-1: Linux kernel vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| Bug 624903 – CVE-2010-2942 kernel: net sched: fix some kernel memory leaks | CONFIRM | bugzilla.redhat.com | Issue Tracking, Patch, Third Party Advisory |
| 404: File not found | CONFIRM | www.kernel.org | Broken Link |
| [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20 | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20 | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| ASA-2010-291 (RHSA-2010-0723) | CONFIRM | support.avaya.com | Third Party Advisory |
| VMSA-2011-0012.2 | CONFIRM | www.vmware.com | Third Party Advisory |
| Support | REDHAT | www.redhat.com | Broken Link |
| access.redhat.com \| CVE-2010-2942 | MISC | access.redhat.com | |
| SUSE update for kernel - Secunia.com | SECUNIA | secunia.com | Broken Link |
| git.kernel.org | MISC | git.kernel.org | |
| About Secunia Research \| Flexera | SECUNIA | secunia.com | Broken Link |
| Linux Kernel 'net/sched/act_police.c' File Memory Leak Local Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20 | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Broken Link |
| Support | REDHAT | www.redhat.com | Broken Link |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |