Published: 03/02/2010 Updated: 10/10/2018

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

VMScore: 495

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun opensolaris snv_77
sun opensolaris snv_72
sun opensolaris snv_85
sun opensolaris snv_84
sun opensolaris snv_82
sun opensolaris snv_99
sun opensolaris snv_95
sun opensolaris snv_94
sun opensolaris snv_105
sun opensolaris snv_106
sun opensolaris snv_114
sun opensolaris snv_115
sun opensolaris snv_122
sun opensolaris snv_123
sun opensolaris snv_130
sun solaris 10.0
sun opensolaris snv_74
sun opensolaris snv_73
sun opensolaris snv_86
sun opensolaris snv_81
sun opensolaris snv_80
sun opensolaris snv_92
sun opensolaris snv_91
sun opensolaris snv_101
sun opensolaris snv_102
sun opensolaris snv_110
sun opensolaris snv_111
sun opensolaris snv_118
sun opensolaris snv_119
sun opensolaris snv_126
sun opensolaris snv_127
sun opensolaris snv_78
sun opensolaris snv_71
sun opensolaris snv_76
sun opensolaris snv_75
sun opensolaris snv_89
sun opensolaris snv_83
sun opensolaris snv_90
sun opensolaris snv_96
sun opensolaris snv_103
sun opensolaris snv_104
sun opensolaris snv_112
sun opensolaris snv_113
sun opensolaris snv_120
sun opensolaris snv_121
sun opensolaris snv_128
sun opensolaris snv_129
sun opensolaris snv_131
sun opensolaris snv_132
sun opensolaris snv_70
sun opensolaris snv_79
sun opensolaris snv_87
sun opensolaris snv_88
sun opensolaris snv_97
sun opensolaris snv_98
sun opensolaris snv_93
sun opensolaris snv_100
sun opensolaris snv_107
sun opensolaris snv_108
sun opensolaris snv_109
sun opensolaris snv_116
sun opensolaris snv_117
sun opensolaris snv_124
sun opensolaris snv_125
sun opensolaris snv_133
sun opensolaris snv_69

/* * cve-2010-0453c -- Patroklos Argyroudis, argp at domain census-labscom * * Denial of service (kernel panic) PoC exploit for the UCODE_GET_VERSION * ioctl NULL pointer dereference vulnerability on Solaris/OpenSolaris: * * wwwtrapkitde/advisories/TKADV2010-001txt * webnvdnistgov/view/vuln/detail?vulnId=CVE-2010-0453 ...

This is a denial of service (kernel panic) proof of concept exploit for the UCODE_GET_VERSION ioctl NULL pointer dereference vulnerability on Solaris / OpenSolaris ...

CWE-20 http://osvdb.org/62046 http://www.vupen.com/english/advisories/2010/0270 http://www.securityfocus.com/bid/38016 http://secunia.com/advisories/38452 http://www.trapkit.de/advisories/TKADV2010-001.txt http://sunsolve.sun.com/search/document.do?assetkey=1-21-143913-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-275910-1 http://www.us-cert.gov/cas/techalerts/TA10-103B.html http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021799.1-1 http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html https://exchange.xforce.ibmcloud.com/vulnerabilities/55991 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6959 http://www.securityfocus.com/archive/1/509276/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/11351/

CVE-2010-0453

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect