Missing Initialization of Resource
CVE-2010-4078
Summary
The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call.
- MEDIUM
- LOCAL
- NONE
- NONE
- PARTIAL
- NONE
CWE-909 - Missing Initialization of Resource
The software does not initialize a critical resource.
References
Advisory Timeline
- Published
