CVE-2010-2942

Description

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

References

Link	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=624903	issue tracking third party advisory patch
http://www.redhat.com/support/errata/RHSA-2010-0723.html	vendor advisory broken link
http://www.ubuntu.com/usn/USN-1000-1	third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html	mailing list third party advisory vendor advisory
http://www.redhat.com/support/errata/RHSA-2010-0771.html	vendor advisory broken link
http://www.securityfocus.com/archive/1/520102/100/0/threaded	mailing list vdb entry third party advisory
http://secunia.com/advisories/46397	third party advisory broken link
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2	broken link
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html	mailing list third party advisory vendor advisory
http://www.vupen.com/english/advisories/2010/2430	vdb entry broken link
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html	mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html	mailing list third party advisory vendor advisory
http://www.vupen.com/english/advisories/2011/0298	vdb entry broken link
http://patchwork.ozlabs.org/patch/61857/	mailing list third party advisory patch
http://www.vmware.com/security/advisories/VMSA-2011-0012.html	third party advisory
http://support.avaya.com/css/P8/documents/100113326	third party advisory
http://www.openwall.com/lists/oss-security/2010/08/18/1	mailing list third party advisory patch
http://www.securityfocus.com/bid/42529	vdb entry third party advisory
http://www.openwall.com/lists/oss-security/2010/08/19/4	mailing list third party advisory patch
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html	mailing list third party advisory vendor advisory
http://secunia.com/advisories/41512	third party advisory broken link
http://www.redhat.com/support/errata/RHSA-2010-0779.html	vendor advisory broken link

Frequently Asked Questions

What is the severity of CVE-2010-2942?: CVE-2010-2942 has been scored as a medium severity vulnerability.
How to fix CVE-2010-2942?: To fix CVE-2010-2942, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2010-2942 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2010-2942 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-401 – Missing Release of Memory after Effective Lifetime

References

Frequently Asked Questions