// For flags

CVE-2010-4169

kernel: perf bug

Severity Score

4.9
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call.

Una vulnerabilidad de uso después de liberación en mm/mprotect.c en las versiones del kernel de Linux anteriores a v2.6.37-rc2 permite a usuarios locales causar una denegación de servicio a través de vectores que implican una llamada de sistema a mprotect.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-11-04 CVE Reserved
  • 2010-11-20 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-416: Use After Free
CAPEC
References (20)
URL Tag Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=63bfd7384b119409685a17d5c58f0b56e5dc03da X_refsource_confirm
http://secunia.com/advisories/42745 Third Party Advisory
http://secunia.com/advisories/42778 Third Party Advisory
http://secunia.com/advisories/42932 Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2 Broken Link
http://www.securityfocus.com/bid/44861 Third Party Advisory
http://www.vupen.com/english/advisories/2010/3321 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0012 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0124 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0298 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/63316 Third Party Advisory
URL Date SRC
URL Date SRC
http://marc.info/?l=oss-security&m=128979684911295&w=2 2023-02-13
http://marc.info/?l=oss-security&m=128984344103497&w=2 2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=651671 2011-02-22
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0958.html 2023-02-13
https://access.redhat.com/security/cve/CVE-2010-4169 2011-02-22
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 2.6.37
Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.37"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 2.6.37
Search vendor "Linux" for product "Linux Kernel" and version "2.6.37"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 2.6.37
Search vendor "Linux" for product "Linux Kernel" and version "2.6.37"
rc1
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 13
Search vendor "Fedoraproject" for product "Fedora" and version "13"
-
Affected
Opensuse
Search vendor "Opensuse"
 Opensuse
Search vendor "Opensuse" for product "Opensuse"
 11.3
Search vendor "Opensuse" for product "Opensuse" and version "11.3"
-
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Desktop
Search vendor "Suse" for product "Linux Enterprise Desktop"
 11
Search vendor "Suse" for product "Linux Enterprise Desktop" and version "11"
sp1
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Real Time Extension
Search vendor "Suse" for product "Linux Enterprise Real Time Extension"
 11
Search vendor "Suse" for product "Linux Enterprise Real Time Extension" and version "11"
sp1
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 11
Search vendor "Suse" for product "Linux Enterprise Server" and version "11"
sp1
Affected