CVE-2004-0685
Vulnerability Summary
Timeline
Description
Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.
CVSS Metrics
- v2.0•MEDIUM•Score: 4.6AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 0.15%• Percentile: 35%
Affected Systems
- linux•linux_kernel
2.2.0 | 2.2.1 | 2.2.2 | 2.2.3 | 2.2.4 | 2.2.5 | 2.2.6 | 2.2.7 | 2.2.8 | 2.2.9 | 2.2.10 | 2.2.11 | 2.2.12 | 2.2.13 | 2.2.14 | 2.2.15 | 2.2.15:pre16 | 2.2.15_pre20 | 2.2.16 | 2.2.16:pre6 | 2.2.17 | 2.2.18 | 2.2.19 | 2.2.20 | 2.2.21 | 2.2.22 | 2.2.23 | 2.2.24 | 2.2.25 | 2.3.0 | 2.3.99 | 2.3.99:pre1 | 2.3.99:pre2 | 2.3.99:pre3 | 2.3.99:pre4 | 2.3.99:pre5 | 2.3.99:pre6 | 2.3.99:pre7 | 2.4.0 | 2.4.0:test1 | 2.4.0:test10 | 2.4.0:test11 | 2.4.0:test12 | 2.4.0:test2 | 2.4.0:test3 | 2.4.0:test4 | 2.4.0:test5 | 2.4.0:test6 | 2.4.0:test7 | 2.4.0:test8 | 2.4.0:test9 | 2.4.1 | 2.4.2 | 2.4.3 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 | 2.4.9 | 2.4.10 | 2.4.11 | 2.4.12 | 2.4.13 | 2.4.14 | 2.4.15 | 2.4.16 | 2.4.17 | 2.4.18 | 2.4.18:pre1 | 2.4.18:pre2 | 2.4.18:pre3 | 2.4.18:pre4 | 2.4.18:pre5 | 2.4.18:pre6 | 2.4.18:pre7 | 2.4.18:pre8 | 2.4.19 | 2.4.19:pre1 | 2.4.19:pre2 | 2.4.19:pre3 | 2.4.19:pre4 | 2.4.19:pre5 | 2.4.19:pre6 | 2.4.20 | 2.4.21 | 2.4.21:pre1 | 2.4.21:pre4 | 2.4.21:pre7 | 2.4.22 | 2.4.23 | 2.4.23:pre9 | 2.4.23_ow2 | 2.4.24 | 2.4.24_ow1 | 2.4.25 | 2.4.26 | 2.4.27:pre1 | 2.4.27:pre2 | 2.4.27:pre3 | 2.4.27:pre4 | 2.4.27:pre5 | 2.5.0 | 2.5.1 | 2.5.2 | 2.5.3 | 2.5.4 | 2.5.5 | 2.5.6 | 2.5.7 | 2.5.8 | 2.5.9 | 2.5.10 | 2.5.11 | 2.5.12 | 2.5.13 | 2.5.14 | 2.5.15 | 2.5.16 | 2.5.17 | 2.5.18 | 2.5.19 | 2.5.20 | 2.5.21 | 2.5.22 | 2.5.23 | 2.5.24 | 2.5.25 | 2.5.26 | 2.5.27 | 2.5.28 | 2.5.29 | 2.5.30 | 2.5.31 | 2.5.32 | 2.5.33 | 2.5.34 | 2.5.35 | 2.5.36 | 2.5.37 | 2.5.38 | 2.5.39 | 2.5.40 | 2.5.41 | 2.5.42 | 2.5.43 | 2.5.44 | 2.5.45 | 2.5.46 | 2.5.47 | 2.5.48 | 2.5.49 | 2.5.50 | 2.5.51 | 2.5.52 | 2.5.53 | 2.5.54 | 2.5.55 | 2.5.56 | 2.5.57 | 2.5.58 | 2.5.59 | 2.5.60 | 2.5.61 | 2.5.62 | 2.5.63 | 2.5.64 | 2.5.65 | 2.5.66 | 2.5.67 | 2.5.68 | 2.5.69 | 2.6.0 | 2.6.0:test1 | 2.6.0:test10 | 2.6.0:test11 | 2.6.0:test2 | 2.6.0:test3 | 2.6.0:test4 | 2.6.0:test5 | 2.6.0:test6 | 2.6.0:test7 | 2.6.0:test8 | 2.6.0:test9 | 2.6.1 | 2.6.1:rc1 | 2.6.1:rc2 | 2.6.2 | 2.6.3 | 2.6.4 | 2.6.5 | 2.6.6 | 2.6.6:rc1 | 2.6.7 | 2.6.7:rc1 | 2.6.8:rc1 | 2.6.8:rc2 | 2.6.8:rc3 | 2.6_test9_cvs
- redhat•enterprise_linux
3.0
- redhat•enterprise_linux_desktop
3.0
- trustix•secure_linux
2.0 | 2.1
References (19)
- http://secunia.com/advisories/20163
- http://www.kb.cert.org/vuls/id/981134
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16931
- http://www.securityspace.com/smysecure/catid.html?id=14580
- http://www.debian.org/security/2006/dsa-1082
- http://www.securityfocus.com/bid/10892
- https://bugzilla.fedora.us/show_bug.cgi?id=2336
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921
- http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
- http://www.debian.org/security/2006/dsa-1070
- http://secunia.com/advisories/20162
- http://www.trustix.net/errata/2004/0041/
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.redhat.com/support/errata/RHSA-2004-505.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10665
- http://secunia.com/advisories/20202
- http://www.redhat.com/support/errata/RHSA-2004-504.html
- http://secunia.com/advisories/20338