VYPR
Unrated severityNVD Advisory· Published Nov 29, 2010· Updated Jun 16, 2026

CVE-2010-4074

CVE-2010-4074

Description

The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • Linux/Kernel7 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <2.6.36
    • cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.36:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.36:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.36:rc4:*:*:*:*:*:*
    • (no CPE)range: <2.6.36-rc5

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.