CVE-2010-4668

Опубликовано: 03 янв. 2011

Источник: nvd

CVSS2: 4.7

EPSS Низкий

Описание

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4163.

Ссылки

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5478755616ae2ef1ce144dded589b62b2a50d575
http://lkml.org/lkml/2010/11/29/68
Mailing List
Patch
Third Party Advisory
http://lkml.org/lkml/2010/11/29/70
Mailing List
Third Party Advisory
http://openwall.com/lists/oss-security/2010/11/29/1
Mailing List
Patch
Third Party Advisory
http://openwall.com/lists/oss-security/2010/11/30/4
Mailing List
Patch
Third Party Advisory
http://openwall.com/lists/oss-security/2010/11/30/7
Mailing List
Patch
Third Party Advisory
http://secunia.com/advisories/42890
Third Party Advisory
Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc7
Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0007.html
Third Party Advisory
http://www.securityfocus.com/bid/45660
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/64496
Third Party Advisory
VDB Entry
https://patchwork.kernel.org/patch/363282/
Patch
Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5478755616ae2ef1ce144dded589b62b2a50d575
http://lkml.org/lkml/2010/11/29/68
Mailing List
Patch
Third Party Advisory
http://lkml.org/lkml/2010/11/29/70
Mailing List
Third Party Advisory
http://openwall.com/lists/oss-security/2010/11/29/1
Mailing List
Patch
Third Party Advisory
http://openwall.com/lists/oss-security/2010/11/30/4
Mailing List
Patch
Third Party Advisory
http://openwall.com/lists/oss-security/2010/11/30/7
Mailing List
Patch
Third Party Advisory
http://secunia.com/advisories/42890
Third Party Advisory
Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc7
Broken Link

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 2.6.37 (исключая)

cpe:2.3:o:linux:linux_kernel:2.6.37:-:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.37:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.37:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.37:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.37:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.37:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.37:rc6:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00069

Низкий

4.7 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

CVE-2010-4668

ubuntu

больше 14 лет назад

CVE-2010-4668

redhat

больше 14 лет назад

CVE-2010-4668

debian

больше 14 лет назад

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kerne ...

GHSA-rpp2-qjhg-737g

github

около 3 лет назад

ELSA-2011-2010

oracle-oval

больше 14 лет назад

ELSA-2011-2010: Oracle Linux 6 Unbreakable Enterprise kernel security fix update (IMPORTANT)

EPSS

Процентиль: 22%

0.00069

Низкий

4.7 Medium

CVSS2

Дефекты

CWE-400