Unrated severityNVD Advisory· Published Nov 29, 2010· Updated Jun 16, 2026
CVE-2010-4074
CVE-2010-4074
Description
The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <2.6.36
- cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.36:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.36:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.36:rc4:*:*:*:*:*:*
- (no CPE)range: <2.6.36-rc5
Patches
Vulnerability mechanics
References
13- lkml.org/lkml/2010/9/15/392nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2010/09/25/2nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2010/10/07/1nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2010/10/25/3nvdMailing ListPatchThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- secunia.com/advisories/42890nvdThird Party Advisory
- www.debian.org/security/2010/dsa-2126nvdThird Party Advisory
- www.openwall.com/lists/oss-security/2010/10/06/6nvdMailing ListThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0958.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2011-0007.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/45074nvdThird Party AdvisoryVDB Entry
- www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc5nvdBroken Link
- git.kernel.orgnvd
News mentions
0No linked articles in our index yet.