REDHAT-BUG-649713
First published: Thu Nov 04 2010(Updated: )
Description of problem: Sometimes ax25_getname() doesn't initialize all members of fsa_digipeater field of fsa struct. This structure is then copied to userland. It leads to leaking of contents of kernel stack memory. We have to initialize them to zero. Reference: <a href="http://marc.info/?l=linux-netdev&m=128854507120898&w=2">http://marc.info/?l=linux-netdev&m=128854507120898&w=2</a> <a href="http://seclists.org/oss-sec/2010/q4/94">http://seclists.org/oss-sec/2010/q4/94</a> Acknowledgements: Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Linux |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-649713?
The severity of REDHAT-BUG-649713 is classified as medium due to the potential for sensitive data leakage.
How do I fix REDHAT-BUG-649713?
To fix REDHAT-BUG-649713, ensure to apply the latest patch provided by Red Hat for the Linux Kernel.
What is the impact of REDHAT-BUG-649713?
The impact of REDHAT-BUG-649713 includes leaking kernel stack memory contents which could expose sensitive information.
Which software versions are affected by REDHAT-BUG-649713?
REDHAT-BUG-649713 affects certain versions of the Red Hat Linux Kernel.
Is there a workaround for REDHAT-BUG-649713?
Currently, there are no documented workarounds for REDHAT-BUG-649713; applying the patch is recommended.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-3875
- agent/source
- agent/severity
- agent/description
- agent/references
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/red hat linux