First published: Mon Nov 01 2010(Updated: )
Description of problem: The FBIOGET_VBLANK device ioctl in sis_main.c allows unprivileged users to read 16 bytes of uninitialized stack memory, because the 'reserved' member of the fb_vblank struct declared on the stack is not altered or zeroed before being copied back to the user. Reference: <a href="http://www.openwall.com/lists/oss-security/2010/10/06/6">http://www.openwall.com/lists/oss-security/2010/10/06/6</a> <a href="http://lkml.indiana.edu/hypermail//linux/kernel/1009.1/03385.html">http://lkml.indiana.edu/hypermail//linux/kernel/1009.1/03385.html</a> Acknowledgements: Red Hat would like to thank Dan Rosenberg for reporting this issue.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/linux-2.6 | ||
Linux Linux kernel | =2.6.36-rc2 | |
Linux Linux kernel | =2.6.36-rc1 | |
Linux Linux kernel | =2.6.36-rc5 | |
Linux Linux kernel | =2.6.36-rc3 | |
Linux Linux kernel | =2.6.36-rc4 | |
Linux Linux kernel | <2.6.36 | |
Linux Linux kernel | =2.6.36 | |
SUSE Linux Enterprise Server | =10-sp3 | |
openSUSE openSUSE | =11.2 | |
openSUSE openSUSE | =11.3 | |
SUSE Linux Enterprise Desktop | =10-sp3 | |
SUSE Linux Enterprise Software Development Kit | =10-sp3 | |
Suse Linux Enterprise Real Time Extension | =11-sp1 | |
Debian Debian Linux | =5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.