Vulnerability Report

CVE-2010-3881

Title: Redhat Enterprise Linux Workstation Information Disclosure

Information Disclosure

Proof Of Concept

No public PoC currently indexed for CVE-2010-3881.

CWE Category CWE-200

Published Date Dec 23, 2010

Modified Date Apr 29, 2026

Exploit Status Not Found

Score 2.1 CVSS v2.0

Exploit Probability (EPSS)

0.08%

Vulnerability Summary

CVE-2010-3881: arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.

Impacted Vendors

Reference Links

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97e69aa62f8b5d338d6cff49be09e37cc1262838 http://git.kernel.org/?p=virt/kvm/kvm.git%3Ba=commit%3Bh=831d9d02f9522e739825a51a11e3bc5aa531a905 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://openwall.com/lists/oss-security/2010/11/04/10 http://openwall.com/lists/oss-security/2010/11/05/4 http://rhn.redhat.com/errata/RHSA-2010-0998.html http://secunia.com/advisories/42932 http://securitytracker.com/id?1024912 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2 http://www.securityfocus.com/bid/44666 http://www.spinics.net/lists/kvm/msg44130.html http://www.vupen.com/english/advisories/2010/3287 http://www.vupen.com/english/advisories/2011/0124 http://www.vupen.com/english/advisories/2011/0298 https://bugzilla.redhat.com/show_bug.cgi?id=649920 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97e69aa62f8b5d338d6cff49be09e37cc1262838 http://git.kernel.org/?p=virt/kvm/kvm.git%3Ba=commit%3Bh=831d9d02f9522e739825a51a11e3bc5aa531a905 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://openwall.com/lists/oss-security/2010/11/04/10 http://openwall.com/lists/oss-security/2010/11/05/4 http://rhn.redhat.com/errata/RHSA-2010-0998.html http://secunia.com/advisories/42932 http://securitytracker.com/id?1024912 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2 http://www.securityfocus.com/bid/44666 http://www.spinics.net/lists/kvm/msg44130.html http://www.vupen.com/english/advisories/2010/3287 http://www.vupen.com/english/advisories/2011/0124 http://www.vupen.com/english/advisories/2011/0298 https://bugzilla.redhat.com/show_bug.cgi?id=649920

CVSS v2.0

Source Entity [email protected]

Severity LOW

2.1

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:L/AC:L/Au:N/C:P/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2010-3881 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

April 11, 2025 MODIFIED

Vulnerability data or affected products updated.

December 23, 2010 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:L/AC:L/Au:N/C:P/I:N/A:N

Affected Stack

No specific products linked.