Missing Initialization of Resource
CVE-2011-1044
Summary
The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649.
- LOW
- LOCAL
- NONE
- NONE
- PARTIAL
- NONE
CWE-909 - Missing Initialization of Resource
The software does not initialize a critical resource.
References
Advisory Timeline
- Published