Heap memory initialization vulnerability in ethtool_get_rxnfc function in Linux kernel before 2.6.36

Heap memory initialization vulnerability in ethtool_get_rxnfc function in Linux kernel before 2.6.36

CVE-2010-3861 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.