{
  "threat_severity" : "Low",
  "public_date" : "2010-09-15T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: drivers/usb/serial/mos*.c: reading uninitialized stack memory",
    "id" : "648659",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=648659"
  },
  "cvss" : {
    "cvss_base_score" : "1.9",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c." ],
  "statement" : "This issue did not affect the versions of Linux kernel as shipped with Red Hat\nEnterprise Linux 3, 4, and 5 as they did not include support for Moschip USB\nserial port adapters.",
  "acknowledgement" : "Red Hat would like to thank Dan Rosenberg for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "MRG for RHEL-5",
    "release_date" : "2010-12-08T00:00:00Z",
    "advisory" : "RHSA-2010:0958",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:1::el5",
    "package" : "kernel-rt-0:2.6.33.7-rt29.47.el5rt"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-01-11T00:00:00Z",
    "advisory" : "RHSA-2011:0007",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-71.14.1.el6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-4074\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-4074" ],
  "name" : "CVE-2010-4074",
  "csaw" : false
}