Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose certain system information.

1) The "ax25_getname()" function in net/ax25/af_ax25.c is not properly initialising a member of a certain structure before copying it to userspace, which can be exploited to disclose kernel stack memory.

2) The "packet_getname_spkt()" and "packet_getname()" functions in net/packet/af_packet.c are not properly initialising members of certain structures before copying them to userspace, which can be exploited to disclose kernel stack memory.

Successful exploitation of this weakness requires "CAP_NET_RAW" capabilities.

3) The "rs_ioctl()" function in drivers/char/amiserial.c and the "ntty_ioctl_tiocgicount()" function in drivers/char/nozomi.c are not properly initializing all members of certain structures before copying them to userspace, which can be exploited to disclose kernel stack memory by sending certain IOCTLs.

Solution
Update to version 2.6.37.1.

Provided and/or discovered by
1, 2) Vasiliy Kulikov
3) Dan Rosenberg

Changelog
Further details available to Secunia VIM customers

Original Advisory
1) http://permalink.gmane.org/gmane.linux.network/176803
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=fe10ae53384e48c51996941b7720ee16995cbcb7
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5b919f833d9d60588d026ad82d17f17e8872c7a9
2) http://permalink.gmane.org/gmane.linux.network/176804
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=67286640f638f5ad41a946b9a3dc75327950248f
3) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0587102cf9f427c185bfdeb2cef41e13ee0264b1

Deep Links
Links available to Secunia VIM customers