314677 – (CVE-2010-1083) Kernel: kernel memory leak (CVE-2010-1083)

Bug 314677 (CVE-2010-1083) - Kernel: kernel memory leak (CVE-2010-1083)

Summary: Kernel: kernel memory leak (CVE-2010-1083)

Status:	RESOLVED FIXED

Alias:	CVE-2010-1083

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://git.kernel.org/?p=linux/kernel...
Whiteboard:	[ linux < 2.6.33 ]
Keywords:

Depends on:
Blocks:

Reported:	2010-04-11 14:09 UTC by Stefan Behte (RETIRED)
Modified:	2013-09-15 19:34 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2010-04-11 14:09:17 UTC

CVE-2010-1083 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1083):
  The processcompl_compat function in drivers/usb/core/devio.c in Linux
  kernel 2.6.x through 2.6.32, and possibly other versions, does not
  clear the transfer buffer before returning to userspace when a USB
  command fails, which might make it easier for physically proximate
  attackers to obtain sensitive information (kernel memory).