Published: 03/01/2011 Updated: 07/11/2023

CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4

VMScore: 419

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel prior to 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4163.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 2.6.37
linux linux kernel

Multiple kernel flaws have been fixed ...

Multiple kernel vulnerabilities ...

An attacker could send crafted input to the kernel and cause it to crash ...

Multiple kernel flaws ...

Multiple kernel flaws have been fixed ...

Ubuntu Security Notice 1202-1 - Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly A local user could exploit this to read kernel stack memory, leading to a loss of privacy Brad Spengler discovered that stack memory for new a process was not correctly calculated A local attacker could exploit this to crash ...

CWE-400 http://openwall.com/lists/oss-security/2010/11/30/4 http://lkml.org/lkml/2010/11/29/68 https://patchwork.kernel.org/patch/363282/http://openwall.com/lists/oss-security/2010/11/30/7 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc7 http://lkml.org/lkml/2010/11/29/70 http://openwall.com/lists/oss-security/2010/11/29/1 http://www.securityfocus.com/bid/45660 http://secunia.com/advisories/42890 http://www.redhat.com/support/errata/RHSA-2011-0007.html https://exchange.xforce.ibmcloud.com/vulnerabilities/64496 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5478755616ae2ef1ce144dded589b62b2a50d575 https://nvd.nist.gov https://usn.ubuntu.com/1204-1/

CVE-2010-4668

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect