Linux Kernel 2.4 RTC Handling Routines Memory Disclosure Vulnerability

The Linux kernel 2.4 tree has been reported prone to a memory-disclosure vulnerability. The issue is reported to present itself in kernel realtime clock (RTC) interface procedures and may result in kernel memory stack data being leaked into userland. The problem stems from an internal RTC structure that isn't properly initialized with zeros before being read, potentially returning random contents of kernel stack memory when this operation occurs. This could expose sensitive information such as credentials to unprivileged users.


Privacy Statement
Copyright 2010, SecurityFocus