Vulnerability DatabaseCVE-2010-2943
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2010-2943
September 30, 2010
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
Related ResourcesĀ (27)
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769
http://secunia.com/advisories/43161
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188
http://www.ubuntu.com/usn/USN-1057-1
http://www.redhat.com/support/errata/RHSA-2010-0723.html
http://support.avaya.com/css/P8/documents/100113326
http://secunia.com/advisories/42758
http://www.openwall.com/lists/oss-security/2010/08/19/5
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://www.openwall.com/lists/oss-security/2010/08/18/2
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.securityfocus.com/bid/42527
https://bugzilla.redhat.com/show_bug.cgi?id=624923
http://secunia.com/advisories/46397
http://www.vupen.com/english/advisories/2011/0070
http://www.vupen.com/english/advisories/2011/0280
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
http://oss.sgi.com/archives/xfs/2010-06/msg00198.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2943
http://oss.sgi.com/archives/xfs/2010-06/msg00191.html
https://access.redhat.com/security/cve/CVE-2010-2943
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767
http://www.ubuntu.com/usn/USN-1041-1
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE
CVSS v2
Base Score:
6.4
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200
EPSS
Base Score:
3.82