{
  "threat_severity" : "Moderate",
  "public_date" : "2010-09-07T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak",
    "id" : "630804",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=630804"
  },
  "cvss" : {
    "cvss_base_score" : "2.1",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-401",
  "details" : [ "The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call." ],
  "statement" : "This issue did not affect the versions of the Linux kernel shipped with Red Hat\nEnterprise Linux 3, 4, and Red Hat Enterprise MRG, as they did not include\nsupport for the XFS file system. This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0839.html and in Red Hat Enterprise Linux 6 via RHSA-2011:0007.",
  "acknowledgement" : "Red Hat would like to thank Dan Rosenberg for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2010-11-10T00:00:00Z",
    "advisory" : "RHSA-2010:0839",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-194.26.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-01-11T00:00:00Z",
    "advisory" : "RHSA-2011:0007",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-71.14.1.el6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-3078\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-3078" ],
  "name" : "CVE-2010-3078",
  "csaw" : false
}