CVE-2010-3881

Impact: Low
Public Date: 2010-10-30
Bugzilla: 649920: CVE-2010-3881 kvm: arch/x86/kvm/x86.c: reading uninitialized stack memory

The MITRE CVE dictionary describes this issue as:

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.

Find out more about CVE-2010-3881 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue did not affect the versions of the Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4 and Red Hat Enterprise MRG, as they did not include
support for Kernel-based Virtual Machine (KVM). A future kernel update in Red
Hat Enterprise Linux 5 may address this flaw.

CVSS v2 metrics

Base Score: 1.9
Base Metrics: AV:L/AC:M/Au:N/C:P/I:N/A:N
Access Vector: Local
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux Server EUS (v. 6.0) (kernel) | RHSA-2011:0883 | 2011-06-21
Red Hat Enterprise Linux 6 (kernel) | RHSA-2011:0542 | 2011-05-19
Red Hat Enterprise Linux Virtualization 5 (kvm) | RHSA-2010:0998 | 2010-12-20

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 5 | kernel | Will not fix

Acknowledgements

Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.

Last Modified

CVE description copyright © 2017, The MITRE Corporation
