CVE-2010-4346
kernel: install_special_mapping skips security_file_mmap check
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application.
función install_special_mapping en mm/mmap.c en el kernel de Linux anterior v2.6.37-rc6 no crea una llamada a la función security_file_mmap esperada, lo que permite a usuarios locales superar las restricciones mmap_min_addr establecidas y probablemente conducir ataques referencia a puntero NULO a través de una aplicación con lenguaje ensamblador manipulado.
Multiple vulnerabilities have been discovered and fixed in the Linux 2.6 kernel. The X.25 implementation does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed data, a different vulnerability than CVE-2010-4164. The bcm_connect function Broadcast Manager in the Controller Area Network implementation in the Linux creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename. The install_special_mapping function in mm/mmap.c does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application. Various other issues have also been addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-11-30 CVE Reserved
- 2010-12-22 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (15)
URL | Tag | Source |
---|---|---|
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=462e635e5b73ba9a4c03913b77138cd57ce4b050 | X_refsource_confirm | |
http://secunia.com/advisories/42570 | Third Party Advisory | |
http://secunia.com/advisories/46397 | Third Party Advisory | |
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc6 | Broken Link | |
http://www.securityfocus.com/archive/1/520102/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/45323 | Third Party Advisory | |
http://www.vmware.com/security/advisories/VMSA-2011-0012.html | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://openwall.com/lists/oss-security/2010/12/09/12 | 2023-02-13 | |
http://openwall.com/lists/oss-security/2010/12/09/13 | 2023-02-13 | |
http://openwall.com/lists/oss-security/2010/12/10/2 | 2023-02-13 | |
http://openwall.com/lists/oss-security/2010/12/10/3 | 2023-02-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=662189 | 2011-04-12 | |
https://lkml.org/lkml/2010/12/9/222 | 2023-02-13 |
URL | Date | SRC |
---|---|---|
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 | 2023-02-13 | |
https://access.redhat.com/security/cve/CVE-2010-4346 | 2011-04-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 2.6.37 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.37" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.37 Search vendor "Linux" for product "Linux Kernel" and version "2.6.37" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.37 Search vendor "Linux" for product "Linux Kernel" and version "2.6.37" | rc1 |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.37 Search vendor "Linux" for product "Linux Kernel" and version "2.6.37" | rc2 |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.37 Search vendor "Linux" for product "Linux Kernel" and version "2.6.37" | rc3 |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.37 Search vendor "Linux" for product "Linux Kernel" and version "2.6.37" | rc4 |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.37 Search vendor "Linux" for product "Linux Kernel" and version "2.6.37" | rc5 |
Affected
|