4.7

CVE-2010-4668

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4163.

Data is provided by the National Vulnerability Database (NVD)
Vendor | Product | Version | Update
Linux | Linux Kernel | < 2.6.37 |
Linux | Linux Kernel | 2.6.37 | -
Linux | Linux Kernel | 2.6.37 | rc1
Linux | Linux Kernel | 2.6.37 | rc2
Linux | Linux Kernel | 2.6.37 | rc3
Linux | Linux Kernel | 2.6.37 | rc4
Linux | Linux Kernel | 2.6.37 | rc5
Linux | Linux Kernel | 2.6.37 | rc6
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.07% | 0.181
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 4.7 | 3.4 | 6.9 | AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.