CVE-2010-5328

Опубликовано: 27 мая 2010

Источник: redhat

CVSS3: 4.7

CVSS2: 4.7

Описание

include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group.

A process that is in the same process group as the ''init'' process (group id zero) can crash the Linux kernel with several system calls by passing in a process ID or process group ID of zero; a special value that indicates the current process ID or process group.

Отчет

This flaw affects Red Hat Enteprise Linux 5 and 6 and is not able to be exploited in the default configuration. Administrators would need to replace the init daemon with alternative systems to exploit this system crash correctly. No update is planned to be released for this flaw.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Will not fix
Red Hat Enterprise Linux 6	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-456

https://bugzilla.redhat.com/show_bug.cgi?id=1358840kernel: Processes having the same group as `init` can crash kernel

4.7 Medium

CVSS3

4.7 Medium

CVSS2

Связанные уязвимости

CVE-2010-5328

CVSS3: 5.5

ubuntu

около 9 лет назад

CVE-2010-5328

CVSS3: 5.5

nvd

около 9 лет назад

CVE-2010-5328

CVSS3: 5.5

debian

около 9 лет назад

include/linux/init_task.h in the Linux kernel before 2.6.35 does not p ...

GHSA-94ph-vxq4-3m42

CVSS3: 5.5

github

больше 3 лет назад

4.7 Medium

CVSS3

4.7 Medium

CVSS2