CVE-2010-4258 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2010-4258

CVE-2010-4258

December 30, 2010

The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.

Related Resources (40)

http://secunia.com/advisories/42778

http://secunia.com/advisories/42745

http://marc.info/?l=linux-kernel&m=129117048916957&w=2

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

http://code.google.com/p/chromium-os/issues/detail?id=10234

http://openwall.com/lists/oss-security/2010/12/08/5

http://openwall.com/lists/oss-security/2010/12/09/14

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html

http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html

http://www.vupen.com/english/advisories/2011/0124

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html

http://www.vupen.com/english/advisories/2011/0213

https://bugzilla.redhat.com/show_bug.cgi?id=659567

http://googlechromereleases.blogspot.com/2011/01/chrome-os-beta-channel-update.html

http://openwall.com/lists/oss-security/2010/12/08/4

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html

http://openwall.com/lists/oss-security/2010/12/08/9

http://openwall.com/lists/oss-security/2010/12/02/4

http://secunia.com/advisories/42801

http://www.vupen.com/english/advisories/2011/0298

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html

http://openwall.com/lists/oss-security/2010/12/02/2

https://lkml.org/lkml/2010/12/1/543

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2

http://openwall.com/lists/oss-security/2010/12/02/3

https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4258

http://blog.nelhage.com/2010/12/cve-2010-4258-from-dos-to-privesc/

http://secunia.com/advisories/42932

http://secunia.com/advisories/43056

http://www.vupen.com/english/advisories/2010/3321

http://openwall.com/lists/oss-security/2010/12/02/7

http://secunia.com/advisories/43291

http://www.vupen.com/english/advisories/2011/0375

http://www.mandriva.com/security/advisories?name=MDVSA-2011:029

http://www.vupen.com/english/advisories/2011/0012

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177

http://openwall.com/lists/oss-security/2010/12/09/4

https://access.redhat.com/security/cve/CVE-2010-4258

Do you need more information?

CVSS v4

Base Score:

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

CVSS v2

Base Score:

6.2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

Weakness Type (CWE)

Improper Privilege Management

EPSS

Base Score:

5.86