Your submission was sent successfully! Close

CVE-2010-1083

Published: 6 April 2010

The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory).

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (2.6.24-28.70)
intrepid Ignored
(was needed [reached end-of-life] now end-of-life)
jaunty
Released (2.6.28-19.61)
karmic
Released (2.6.31-22.60)
lucid
Released (2.6.32-22.35)
upstream Needs triage

linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper
Released (2.6.15-55.84)
hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

upstream Needs triage