CVE-2010-2942

Published: Sep 21, 2010Modified: Apr 29, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

Affected (38)

Products: Linux: Linux Kernel · Canonical: Ubuntu Linux · Opensuse: Opensuse · +3 more

Show all products

Linux: Linux Kernel · Canonical: Ubuntu Linux · Opensuse: Opensuse · Suse: Suse Linux Enterprise Desktop, Suse Linux Enterprise Server · Avaya: Aura Communication Manager, Aura Presence Services, Aura Session Manager, Aura System Manager, Aura System Platform, Iq, Voice Portal · Vmware: Esx

1 product

1 product

1 product

2 products

Suse Linux Enterprise Desktop

Suse Linux Enterprise Server

Avaya

7 products

Aura Communication Manager

Aura Presence Services

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 2.6.35.13
Linux Linux Kernel	Version 2.6.36
Linux Linux Kernel	Version 2.6.36 rc1

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 10.10
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 8.04
Canonical Ubuntu Linux	Version 9.04
Canonical Ubuntu Linux	Version 9.10

Configuration C

8 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.1
Opensuse Opensuse	Version 11.3
Suse Suse Linux Enterprise Desktop	Version 10 sp3
Suse Suse Linux Enterprise Desktop	Version 11
Suse Suse Linux Enterprise Desktop	Version 11 sp1
Suse Suse Linux Enterprise Server	Version 10 sp3
Suse Suse Linux Enterprise Server	Version 11
Suse Suse Linux Enterprise Server	Version 11 sp1

Configuration D

19 vulnerable

Vulnerable Software	Affected Versions
Avaya Aura Communication Manager	Version 5.2
Avaya Aura Presence Services	Version 6.0
Avaya Aura Presence Services	Version 6.1.1
Avaya Aura Presence Services	Version 6.1
Avaya Aura Session Manager	Version 1.1
Avaya Aura Session Manager	Version 5.2
Avaya Aura Session Manager	Version 6.0
Avaya Aura System Manager	Version 5.2
Avaya Aura System Manager	Version 6.0
Avaya Aura System Manager	Version 6.1.1
Avaya Aura System Manager	Version 6.1
Avaya Aura System Platform	Version 1.1
Avaya Aura System Platform	Version 6.0
Avaya Aura System Platform	Version 6.0 sp1
Avaya Iq	Version 5.0
Avaya Iq	Version 5.1
Avaya Voice Portal	Version 5.0
Avaya Voice Portal	Version 5.1
Avaya Voice Portal	Version 5.1 sp1

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Vmware Esx	Version 4.0
Vmware Esx	Version 4.1

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (46)

http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://patchwork.ozlabs.org/patch/61857/

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://secunia.com/advisories/41512

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/46397

Source: secalert@redhat.com

Broken Link

http://support.avaya.com/css/P8/documents/100113326

Source: secalert@redhat.com

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2

Source: secalert@redhat.com

Broken Link

http://www.openwall.com/lists/oss-security/2010/08/18/1

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2010/08/19/4

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0723.html

Source: secalert@redhat.com

Broken Link

http://www.redhat.com/support/errata/RHSA-2010-0771.html

Source: secalert@redhat.com

Broken Link

http://www.redhat.com/support/errata/RHSA-2010-0779.html

Source: secalert@redhat.com

Broken Link

http://www.securityfocus.com/archive/1/520102/100/0/threaded

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/42529

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-1000-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2010/2430

Source: secalert@redhat.com

Broken Link

http://www.vupen.com/english/advisories/2011/0298

Source: secalert@redhat.com

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=624903

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8