Security Advisory

CVE-2010-2955

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2010-09-08 19:00:00

Last updated 2024-08-07 02:55:45

Assigner redhat

State PUBLISHED

Description

The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.

← Browse all CVEs View on cve.org ↗