The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
Exploitability
AV:LAC:MAu:NImpact
C:PI:NA:N1.9/AV:L/AC:M/Au:N/C:P/I:N/A:N