Skip to main content

Missing Initialization of Resource

CVE-2010-4082

Severity Low
Score 1.9/10

Summary

The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call.

  • MEDIUM
  • LOCAL
  • NONE
  • NONE
  • PARTIAL
  • NONE

CWE-909 - Missing Initialization of Resource

The software does not initialize a critical resource.

References

Advisory Timeline

  • Published