{ "threat_severity" : "Moderate", "public_date" : "2010-01-08T00:00:00Z", "bugzilla" : { "description" : "kernel: infoleak if print-fatal-signals=1", "id" : "554578", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=554578" }, "cvss" : { "cvss_base_score" : "6.6", "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:C/I:N/A:C", "status" : "verified" }, "details" : [ "The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address." ], "statement" : "A future update in Red Hat Enterprise MRG may address this flaw.\nThis issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed.\nFor further information about Errata Support Policy, visit: https://access.redhat.com/support/policy/updates/errata/", "affected_release" : [ { "product_name" : "MRG for RHEL-5", "release_date" : "2010-03-23T00:00:00Z", "advisory" : "RHSA-2010:0161", "cpe" : "cpe:/a:redhat:enterprise_mrg:1::el5", "package" : "kernel-rt-0:2.6.24.7-149.el5rt" }, { "product_name" : "Red Hat Enterprise Linux 4", "release_date" : "2010-03-17T00:00:00Z", "advisory" : "RHSA-2010:0146", "cpe" : "cpe:/o:redhat:enterprise_linux:4", "package" : "kernel-0:2.6.9-89.0.23.EL" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2010-03-17T00:00:00Z", "advisory" : "RHSA-2010:0147", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "kernel-0:2.6.18-164.15.1.el5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-0003\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-0003" ], "name" : "CVE-2010-0003", "csaw" : false }