Skip to main content

Missing Initialization of Resource

CVE-2010-3297

Severity Low
Score 2.1/10

Summary

The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call.

  • LOW
  • LOCAL
  • NONE
  • NONE
  • PARTIAL
  • NONE

CWE-909 - Missing Initialization of Resource

The software does not initialize a critical resource.

References

Advisory Timeline

  • Published