CVE-2010-3875 — Vulnetix

Try Vulnetix Request Demo

CVE-2010-3875 PUBLISHED CVSS 2.0999999046325684 LOW

The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.

EPSS 0.07% · 22.1th percentile

Risk Scores

CVSS v2.0

2.0999999046325684

EPSS Score

0.07%

22.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
debian	debian_linux	5.0
linux	linux_kernel	0, 2.6.37, 2.6.37

Timeline

Jan 3, 2011 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 13, 2022 CVE Updated
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score

References

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2 url
[oss-security] 20101104 Re: CVE request: kernel stack infoleaks mailing-list
MDVSA-2011:051 vendor-advisory
[oss-security] 20101102 CVE request: kernel stack infoleaks mailing-list
[netdev] 20101031 [PATCH 1/3] net: ax25: fix information leak to userland mailing-list
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fe10ae53384e48c51996941b7720ee16995cbcb7 url
MDVSA-2011:029 vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=649713 url
44630 vdb
DSA-2126 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2010-3875 advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fe10ae53384e48c51996941b7720ee16995cbcb7 url

Open in Interactive Console →