2.1
CVE-2010-2226
- EPSS 0.43%
- Veröffentlicht 03.09.2010 20:00:03
- Zuletzt bearbeitet 16.06.2026 23:20:20
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 2.6.35
Suse ≫ Linux Enterprise Desktop Version10 Updatesp3
Suse ≫ Linux Enterprise Server Version10 Updatesp3
Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp3
Debian ≫ Debian Linux Version5.0
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
Canonical ≫ Ubuntu Linux Version9.04
Canonical ≫ Ubuntu Linux Version9.10
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Canonical ≫ Ubuntu Linux Version10.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.345 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
http://secunia.com/advisories/43315
http://www.redhat.com/support/errata/RHSA-2010-0610.html
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://www.debian.org/security/2010/dsa-2094
http://www.ubuntu.com/usn/USN-1000-1
http://www.vupen.com/english/advisories/2011/0298
http://archives.free.net.ph/message/20100616.130710.301704aa.en.html
http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1817176a86352f65210139d4c794ad2d19fc6b63
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
http://marc.info/?l=oss-security&m=127677135609357&w=2
http://marc.info/?l=oss-security&m=127687486331790&w=2
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
http://www.securityfocus.com/bid/40920
https://bugzilla.redhat.com/show_bug.cgi?id=605158