CVE-2010-4175
Ubuntu Security Notice USN-1089-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) in Linux kernel 2.6.35 allows local users to cause a denial of service (crash) and possibly trigger memory corruption via a crafted Reliable Datagram Sockets (RDS) request, a different vulnerability than CVE-2010-3865.
Desbordamiento de entero en la función rds_cmsg_rdma_args (net/rds/rdma.c) del kernel de Linux 2.6.35. Permite a usuarios locales provocar una denegación de servicio (caída) y posiblemente una corrupción de memoria a través de una petición RDS ("Reliable Datagram Sockets"). Una vulnerabilidad distinta a la CVE-2010-3865.
Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that certain iovec operations did not calculate page counts correctly. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service. Alan Cox discovered that the HCI UART driver did not correctly check if a write operation was available. If the mmap_min-addr sysctl was changed from the Ubuntu default to a value of 0, a local attacker could exploit this flaw to gain root privileges.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-11-04 CVE Reserved
- 2011-01-11 CVE Published
- 2011-09-14 First Exploit
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-189: Numeric Errors
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/42778 | Third Party Advisory | |
| http://secunia.com/advisories/42801 | Third Party Advisory | |
| http://secunia.com/advisories/42932 | Third Party Advisory | |
| http://www.securityfocus.com/bid/44921 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/0012 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/0124 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/0298 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64618 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/105078 | 2011-09-14 |
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=linux-netdev&m=129001184803080&w=2 | 2017-08-17 | |
| http://www.openwall.com/lists/oss-security/2010/11/17/8 | 2017-08-17 | |
| http://www.openwall.com/lists/oss-security/2010/11/18/1 | 2017-08-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.35 Search vendor "Linux" for product "Linux Kernel" and version "2.6.35" | - |
Affected
| ||||||