CVE-2004-0535 Information

Description

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125168
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
http://lwn.net/Articles/91155/
http://security.gentoo.org/glsa/glsa-200407-02.xml
http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.log
http://www.mandriva.com/security/advisories?name=MDKSA-2004:062
http://www.novell.com/linux/security/advisories/2004_20_kernel.html
http://www.redhat.com/support/errata/RHSA-2004-413.html
http://www.redhat.com/support/errata/RHSA-2004-418.html
http://www.securityfocus.com/bid/10352
https://exchange.xforce.ibmcloud.com/vulnerabilities/16159
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11136
