Various Linux USB drivers contain an information disclosure vulnerability that may expose sensitive segments of kernel memory to users.
USB drivers for several versions the Linux kernel do not properly initialize kernel memory before using it. When an affected USB driver copies uninitialized memory from kernel space to user space (with the copy_to_user function), the previous kernel memory contents will be copied as well. In some cases, this will grant a user inappropriate access to sensitive segments of kernel memory.
Users may be able to view sensitive segments of kernel memory.
Check with Vendor
Users who suspect they are vulnerable are encouraged to check with their vendor to determine the appropriate action to take.
Red Hat Inc.
Sun Microsystems Inc.
This vulnerability was reported by Tim Yamin.
This document was written by Jeff Gennari.
|Date First Published:||2004-10-22|
|Date Last Updated:||2004-10-25 15:05 UTC|