The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly…
redhat·CWE-193·Published 2010-09-08
The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.
The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.
La función cfg80211_wext_giwessid en net/wireless/wext-compat.c en el kernel de Linux anterior a v2.6.36-rc3-next-20100831 no inicializa adecuadamente determinadas estructuras de miembros, lo que permite a usuarios locales aprovechar un error off-by-one en la función net/wireless/wext-core.c y obtener información potencialmente sensible desde la memoria dinámica (heap) del kernel, a través de vectores que involucran una llamada SIOCGIWESSID ioctl que especifica un gran tamaño de búfer.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 2.1 | 3.9 | 2.9 | AV:L/AC:L/Au:N/C:P/I:N/A:N |