CVE-2010-3881

Published: 23 December 2010

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.

From the Ubuntu security team

Vasiliy Kulikov discovered that kvm did not correctly clear memory. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc2)
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc2)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream Needs triage

linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.36.2)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream Needs triage

linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream Needs triage