2.1

CVE-2010-4346

The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 2.6.37
LinuxLinux Kernel Version2.6.37 Update-
LinuxLinux Kernel Version2.6.37 Updaterc1
LinuxLinux Kernel Version2.6.37 Updaterc2
LinuxLinux Kernel Version2.6.37 Updaterc3
LinuxLinux Kernel Version2.6.37 Updaterc4
LinuxLinux Kernel Version2.6.37 Updaterc5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.06% 0.148
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:P/A:N
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://openwall.com/lists/oss-security/2010/12/09/12
Patch
Third Party Advisory
Mailing List
http://openwall.com/lists/oss-security/2010/12/09/13
Patch
Third Party Advisory
Mailing List
http://openwall.com/lists/oss-security/2010/12/10/2
Patch
Third Party Advisory
Mailing List
http://openwall.com/lists/oss-security/2010/12/10/3
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/45323
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=662189
Patch
Third Party Advisory
Issue Tracking
https://lkml.org/lkml/2010/12/9/222
Patch
Third Party Advisory
Mailing List