CVE-2010-4649
kernel: IB/uverbs: Handle large number of entries in poll CQ
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member.
Desbordamiento de enteros en la función ib_uverbs_poll_cq en drivers/InfiniBand/core/uverbs_cmd.c en el kernel de Linux antes de v2.6.37 permite a usuarios locales causar una denegación de servicio (corrupción de memoria) o posiblemente tener un impacto no especificado a través de un valor grande de un determinado miembro de una estructura.
USN-1080-1 fixed vulnerabilities in the Linux kernel. This update provides the corresponding updates for the Linux kernel for use with EC2. Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-01-03 CVE Reserved
- 2011-01-31 CVE Published
- 2011-09-14 First Exploit
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7182afea8d1afd432a17c18162cc3fd441d0da93 | X_refsource_confirm | |
| http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 | Broken Link | |
| http://www.securityfocus.com/bid/46073 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/105078 | 2011-09-14 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=667916 | 2011-07-15 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2011-0927.html | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2010-4649 | 2011-07-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 2.6.37 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.37" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 5.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "5.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "5.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 5.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "5.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "5.0" | - |
Affected
| ||||||