Various Linux USB drivers contain an information disclosure vulnerability that may expose sensitive segments of kernel memory to users.
USB drivers for several versions the Linux kernel do not properly initialize kernel memory before using it. When an affected USB driver copies uninitialized memory from kernel space to user space (with the copy_to_user function), the previous kernel memory contents will be copied as well. In some cases, this will grant a user inappropriate access to sensitive segments of kernel memory.
Users may be able to view sensitive segments of kernel memory.
Check with Vendor
Users who suspect they are vulnerable are encouraged to check with their vendor to determine the appropriate action to take.
Gentoo Linux Affected
SuSE Inc. Affected
Ingrian Networks Not Affected
Hewlett-Packard Company Unknown
IBM eServer Unknown
MontaVista Software Unknown
Openwall GNU/*/Linux Unknown
Red Hat Inc. Unknown
Sun Microsystems Inc. Unknown
This vulnerability was reported by Tim Yamin.
This document was written by Jeff Gennari.
|Date First Published:||2004-10-22|
|Date Last Updated:||2004-10-25 15:05 UTC|