Launchpad.net

CVE 2010-1083

The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory).

Related bugs and status

CVE-2010-1083 (Candidate) is related to these bugs:

Bug #485556: inotify oops with wd == 4096

		In	Importance	Status
485556	inotify oops with wd == 4096	linux (Ubuntu)	Medium	Fix Released
485556	inotify oops with wd == 4096	Linux	Medium	Expired
485556	inotify oops with wd == 4096	linux (Ubuntu Hardy)	Undecided	Fix Released
485556	inotify oops with wd == 4096	linux (Ubuntu Intrepid)	Undecided	Won't Fix
485556	inotify oops with wd == 4096	linux (Ubuntu Lucid)	Medium	Fix Released
485556	inotify oops with wd == 4096	linux (Ubuntu Jaunty)	Undecided	Fix Released
485556	inotify oops with wd == 4096	linux (Ubuntu Dapper)	Undecided	Won't Fix
485556	inotify oops with wd == 4096	linux (Ubuntu Karmic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-1083

Related bugs and status

Related bugs

References