CVE-2010-4525

Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors.

From the Ubuntu Security Team

Jan Kiszka discovered that KVM did not correctly initialize memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy.

• How can I get the fixes?
• What do statuses mean?
• Patch details

References

• MITRE
• NVD
• Launchpad
• Debian

Other references

• http://www.openwall.com/lists/oss-security/2011/01/05/1
• https://www.cve.org/CVERecord?id=CVE-2010-4525