296,202
Total vulnerabilities in the database
The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 3.9.0 | 3.9.0.x |
| linux / linux_kernel | 3.9.2 | 3.9.2.x |
| linux / linux_kernel | 3.9-rc4 | 3.9-rc4.x |
| linux / linux_kernel | 3.9-rc5 | 3.9-rc5.x |
| linux / linux_kernel | 3.9-rc3 | 3.9-rc3.x |
| linux / linux_kernel | 3.9-rc7 | 3.9-rc7.x |
| linux / linux_kernel | 3.9.3 | 3.9.3.x |
| linux / linux_kernel | - | 3.9.4.x |
| linux / linux_kernel | 3.9-rc2 | 3.9-rc2.x |
| linux / linux_kernel | 3.9-rc6 | 3.9-rc6.x |
| linux / linux_kernel | 3.9-rc1 | 3.9-rc1.x |
| linux / linux_kernel | 3.9.1 | 3.9.1.x |
| suse / linux_enterprise_server | 10-sp4 | 10-sp4.x |