CVE-2004-0685
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/12/2004
Last modified:
03/04/2025
Description
Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.
Impact
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:2.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.2.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.2.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.2.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.2.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.2.7:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.2.8:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.2.9:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.2.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.2.11:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.2.12:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.2.13:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.2.14:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921
- http://secunia.com/advisories/20162
- http://secunia.com/advisories/20163
- http://secunia.com/advisories/20202
- http://secunia.com/advisories/20338
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1082
- http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
- http://www.kb.cert.org/vuls/id/981134
- http://www.redhat.com/support/errata/RHSA-2004-504.html
- http://www.redhat.com/support/errata/RHSA-2004-505.html
- http://www.securityfocus.com/bid/10892
- http://www.securityspace.com/smysecure/catid.html?id=14580
- http://www.trustix.net/errata/2004/0041/
- https://bugzilla.fedora.us/show_bug.cgi?id=2336
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16931
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10665
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921
- http://secunia.com/advisories/20162
- http://secunia.com/advisories/20163
- http://secunia.com/advisories/20202
- http://secunia.com/advisories/20338
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1082
- http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
- http://www.kb.cert.org/vuls/id/981134
- http://www.redhat.com/support/errata/RHSA-2004-504.html
- http://www.redhat.com/support/errata/RHSA-2004-505.html
- http://www.securityfocus.com/bid/10892
- http://www.securityspace.com/smysecure/catid.html?id=14580
- http://www.trustix.net/errata/2004/0041/
- https://bugzilla.fedora.us/show_bug.cgi?id=2336
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16931
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10665