Published: 03/02/2010 Updated: 10/10/2018

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

VMScore: 495

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun opensolaris snv 127
sun opensolaris snv 70
sun opensolaris snv 114
sun opensolaris snv 90
sun opensolaris snv 93
sun opensolaris snv 110
sun opensolaris snv 85
sun opensolaris snv 116
sun opensolaris snv 120
sun opensolaris snv 72
sun opensolaris snv 117
sun opensolaris snv 87
sun opensolaris snv 123
sun opensolaris snv 92
sun opensolaris snv 131
sun opensolaris snv 77
sun opensolaris snv 126
sun opensolaris snv 80
sun opensolaris snv 130
sun opensolaris snv 119
sun opensolaris snv 103
sun opensolaris snv 84
sun opensolaris snv 121
sun opensolaris snv 106
sun opensolaris snv 86
sun opensolaris snv 100
sun opensolaris snv 112
sun opensolaris snv 89
sun opensolaris snv 124
sun opensolaris snv 129
sun opensolaris snv 78
sun opensolaris snv 96
sun opensolaris snv 132
sun opensolaris snv 99
sun opensolaris snv 107
sun opensolaris snv 79
sun opensolaris snv 122
sun opensolaris snv 115
sun opensolaris snv 69
sun opensolaris snv 98
sun opensolaris snv 109
sun opensolaris snv 113
sun opensolaris snv 71
sun opensolaris snv 82
sun opensolaris snv 102
sun opensolaris snv 105
sun opensolaris snv 108
sun opensolaris snv 75
sun opensolaris snv 81
sun opensolaris snv 128
sun opensolaris snv 95
sun opensolaris snv 133
sun opensolaris snv 88
sun opensolaris snv 73
sun opensolaris snv 104
sun opensolaris snv 94
sun opensolaris snv 101
sun opensolaris snv 83
sun opensolaris snv 97
sun opensolaris snv 125
sun opensolaris snv 74
sun opensolaris snv 111
sun opensolaris snv 91
sun opensolaris snv 76
sun opensolaris snv 118
sun solaris 10.0

/* * cve-2010-0453c -- Patroklos Argyroudis, argp at domain census-labscom * * Denial of service (kernel panic) PoC exploit for the UCODE_GET_VERSION * ioctl NULL pointer dereference vulnerability on Solaris/OpenSolaris: * * wwwtrapkitde/advisories/TKADV2010-001txt * webnvdnistgov/view/vuln/detail?vulnId=CVE-2010-0453 ...

This is a denial of service (kernel panic) proof of concept exploit for the UCODE_GET_VERSION ioctl NULL pointer dereference vulnerability on Solaris / OpenSolaris ...

CWE-20 http://osvdb.org/62046 http://www.vupen.com/english/advisories/2010/0270 http://www.securityfocus.com/bid/38016 http://secunia.com/advisories/38452 http://www.trapkit.de/advisories/TKADV2010-001.txt http://sunsolve.sun.com/search/document.do?assetkey=1-21-143913-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-275910-1 http://www.us-cert.gov/cas/techalerts/TA10-103B.html http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021799.1-1 http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html https://exchange.xforce.ibmcloud.com/vulnerabilities/55991 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6959 http://www.securityfocus.com/archive/1/509276/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/11351/

CVE-2010-0453

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect