CVE-2010-3301

Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation

Severity Score

7.2

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.

La llamada del sistema IA32 para la emulación de binarios de 32 bits en arch/x86/ia32/ia32entry.S en el kernel Linux anterior a v2.6.36-rc4-git2 en la plataforma x86_64 no vuelve a cero el registro% eax después de la ruta de entrada de 32-bits cuando ptrace es utilizado, lo cual permite a usuarios locales conseguir privilegios mediante un acceso out-of-bounds a la tabla de llamadas al sistema usando el registro rax%. NOTA: esta vulnerabilidad ya existía en CVE-2007-4573

*Credits: N/A

CVSS Scores

NISTv2 7.2

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-09-13 CVE Reserved
2010-09-16 CVE Published
2010-09-16 First Exploit
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-269: Improper Privilege Management

CAPEC

References (19)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=36d001c70d8a0144ac1d038f6876c484849a74de	X_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eefdca043e8391dcd719711716492063030b55ac	X_refsource_confirm
http://secunia.com/advisories/42758	Third Party Advisory
http://sota.gen.nz/compat2	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.36-rc4-git2.log	Broken Link
http://www.vupen.com/english/advisories/2010/3117	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0070	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0298	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/15023	2010-09-16
https://bugzilla.redhat.com/show_bug.cgi?id=634449	2024-08-07

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2010/09/16/1	2023-11-07
http://www.openwall.com/lists/oss-security/2010/09/16/3	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2010:247	2023-11-07
http://www.redhat.com/support/errata/RHSA-2010-0842.html	2023-11-07
http://www.ubuntu.com/usn/USN-1041-1	2023-11-07
https://access.redhat.com/security/cve/CVE-2010-3301	2010-11-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 2.6.36 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.36"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.36 Search vendor "Linux" for product "Linux Kernel" and version "2.6.36"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.36 Search vendor "Linux" for product "Linux Kernel" and version "2.6.36"		rc1		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.36 Search vendor "Linux" for product "Linux Kernel" and version "2.6.36"		rc2		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.36 Search vendor "Linux" for product "Linux Kernel" and version "2.6.36"		rc3		Affected
Suse Search vendor "Suse"		Linux Enterprise Real Time Extension Search vendor "Suse" for product "Linux Enterprise Real Time Extension"				11 Search vendor "Suse" for product "Linux Enterprise Real Time Extension" and version "11"		sp1		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				9.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				10.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.10"		-		Affected