Kernel Memory Address Disclosure Vulnerability in Linux CAN Implementation

Kernel Memory Address Disclosure Vulnerability in Linux CAN Implementation

CVE-2010-4565 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.