National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2010-0291 Detail

Current Description

The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess."

Source:  MITRE
Description Last Modified:  02/15/2010
View Analysis Description

Impact

CVSS v2.0 Severity and Metrics:

Base Score: 4.6 MEDIUM
Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) (V2 legend)
Impact Subscore: 6.4
Exploitability Subscore: 3.9


Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Additional Information:
Allows unauthorized disclosure of information
Allows unauthorized modification
Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0067bd8a55862ac9dd212bd1c4f6f5bff1ca1301 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=05d72faa6d13c9d857478a5d35c85db9adada685 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=097eed103862f9c6a97f2e415e21d1134017b135 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0ec62d290912bb4b989be7563851bc364ec73b56 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a0ef85f84feb13f07b604fcf5b90ef7c2b5c82f Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2c6a10161d0b5fc047b5bd81b03693b9af99fab5 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ea1d13f64efdf49319e86c87d9ba38c30902782 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=54f5de709984bae0d31d823ff03de755f9dcac54 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=564b3bffc619dcbdd160de597b0547a7017ea010 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=570dcf2c15463842e384eb597a87c1e39bead99b Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8c7b49b3ecd48923eb64ff57e07a1cdb74782970 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9206de95b1ea68357996ec02be5db0638a0de2c1 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=935874141df839c706cd6cdc438e85eb69d1525e Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=aa65607373a4daf2010e8c3867b6317619f3c1a3 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bb52d6694002b9d632bb355f64daa045c6293a4e Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c4caa778157dbbf04116f0ac2111e389b5cd7a29 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e77414e0aad6a1b063ba5e5750c582c75327ea6a Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ecc1a8993751de4e82eb18640d631dae1f626bd6 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f106af4e90eadd76cfc0b5325f659619e08fb762 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f8b7256096a20436f6d0926747e3ac3d64c81d24 Vendor Advisory
http://groups.google.co.jp/group/fa.linux.kernel/browse_thread/thread/8bf22336b1082090 Third Party Advisory
http://groups.google.com/group/linux.kernel/msg/895f20870532241e Third Party Advisory
http://marc.info/?l=linux-arch&m=126004438008670&w=2 Third Party Advisory
http://marc.info/?l=oss-security&m=126388181420690&w=2 Mailing List Third Party Advisory
http://marc.info/?l=oss-security&m=126393370931972&w=2 Mailing List Third Party Advisory
http://marc.info/?l=oss-security&m=126395874130875&w=2 Mailing List Third Party Advisory
http://marc.info/?l=oss-security&m=126396065732697&w=2 Mailing List Third Party Advisory
http://marc.info/?l=oss-security&m=126396609004884&w=2 Mailing List Third Party Advisory
http://marc.info/?l=oss-security&m=126399980216047&w=2 Mailing List Third Party Advisory
http://marc.info/?l=oss-security&m=126400443123998&w=2 Mailing List Third Party Advisory
http://marc.info/?l=oss-security&m=126406814304720&w=2 Mailing List Third Party Advisory
http://www.debian.org/security/2010/dsa-1996 Third Party Advisory
http://www.debian.org/security/2010/dsa-2005 Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.4 Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0161.html Third Party Advisory
http://www.securityfocus.com/archive/1/516397/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/37906 Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2011-0003.html Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=556703 Issue Tracking Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11824 Third Party Advisory

References to Check Content

Identifier:
oval:org.mitre.oval:def:11824
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11824

Technical Details

Vulnerability Type (View All)

  • Permissions, Privileges, and Access Control (CWE-264)

Change History

4 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2010-0291
NVD Published Date:
02/15/2010
NVD Last Modified:
11/16/2018