Information exposure in Linux kernel

1) Information exposure

EUVDB-ID: #VU92569

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2010-3881

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information exposure error. A local user can gain access to sensitive information.

Mitigation

Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links

https://www.spinics.net/lists/kvm/msg44130.html
https://www.vupen.com/english/advisories/2010/3287
https://bugzilla.redhat.com/show_bug.cgi?id=649920
https://openwall.com/lists/oss-security/2010/11/04/10
https://openwall.com/lists/oss-security/2010/11/05/4
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2
https://securitytracker.com/id?1024912
https://rhn.redhat.com/errata/RHSA-2010-0998.html
https://www.securityfocus.com/bid/44666
https://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html
https://secunia.com/advisories/42932
https://www.vupen.com/english/advisories/2011/0124
https://www.vupen.com/english/advisories/2011/0298
https://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
https://git.kernel.org/?p=virt/kvm/kvm.git%3Ba=commit%3Bh=831d9d02f9522e739825a51a11e3bc5aa531a905
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97e69aa62f8b5d338d6cff49be09e37cc1262838

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.