CVE-2010-3081

Basic Information

CVE State
PUBLISHED
Reserved Date
August 20, 2010
Published Date
September 24, 2010
Last Updated
August 07, 2024
Vendor
Linux
Product
Linux Kernel
Description
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.
Tags
linux

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploit Status

Exploited in the Wild
Yes (2010-09-24 19:00:00 UTC)

References

  • http://www.vmware.com/security/advisories/VMSA-2010-0017.html
  • http://isc.sans.edu/diary.html?storyid=9574
  • http://www.vupen.com/english/advisories/2010/3083
  • http://www.vupen.com/english/advisories/2010/3117
  • http://sota.gen.nz/compat1/
  • http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
  • https://access.redhat.com/kb/docs/DOC-40265
  • http://www.securityfocus.com/archive/1/514938/30/30/threaded
  • http://secunia.com/advisories/42384
  • http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0278.html
  • http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
  • http://www.redhat.com/support/errata/RHSA-2010-0842.html
  • http://www.mandriva.com/security/advisories?name=MDVSA-2010:247
  • http://www.vupen.com/english/advisories/2011/0298
  • http://www.redhat.com/support/errata/RHSA-2010-0882.html
  • http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.36-rc4-git2.log
  • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html
  • http://blog.ksplice.com/2010/09/cve-2010-3081/
  • http://secunia.com/advisories/43315
  • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
  • http://www.vmware.com/security/advisories/VMSA-2011-0003.html
  • http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0273.html
  • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c41d68a513c71e35a14f66d71782d27a79a81ea6
  • http://www.redhat.com/support/errata/RHSA-2010-0758.html
  • http://www.securityfocus.com/archive/1/516397/100/0/threaded
  • https://bugzilla.redhat.com/show_bug.cgi?id=634457
  • http://www.mandriva.com/security/advisories?name=MDVSA-2010:214
  • http://marc.info/?l=oss-security&m=128461522230211&w=2

Known Exploited Vulnerability Information

Source
CVE
Added Date
2010-09-24 19:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel