Skip to main content

Missing Initialization of Resource

CVE-2010-3877

Severity Low
Score 1.9/10

Summary

The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.

  • MEDIUM
  • LOCAL
  • NONE
  • NONE
  • PARTIAL
  • NONE

CWE-909 - Missing Initialization of Resource

The software does not initialize a critical resource.

References

Advisory Timeline

  • Published