Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Local

0

CVE-2010-1437

Disclosure Date: May 07, 2010 •

CVE-2010-1437 CVSS v3 Base Score: 7.0

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.0 High

Impact Score:

5.9

Exploitability Score:

1

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

High

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

Products

References

Canonical

CVE-2010-1437 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437)

BID-39719 (http://www.securityfocus.com/bid/39719)

Advisory

[oss-security] 20100427 CVE request - kernel: find_keyring_by_name() can gain the freed keyring (http://www.openwall.com/lists/oss-security/2010/04/27/2)

http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html

[linux-kernel] 20100503 Re: [PATCH 2/7] KEYS: find_keyring_by_name() can gain access to a freed keyring (http://marc.info?l=linux-kernel&m=127292492727029&w=2)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9715

https://patchwork.kernel.org/patch/94664

XF-kernel-findkeyringbyname-dos(58254) (https://exchange.xforce.ibmcloud.com/vulnerabilities/58254)

[linux-kernel] 20100422 [PATCH 0/1][BUG][IMPORTANT] KEYRINGS: find_keyring_by_name() can gain the freed keyring (http://marc.info?l=linux-kernel&m=127192182917857&w=2)

http://www.redhat.com/support/errata/RHSA-2010-0474.html

SECUNIA-40645 (http://secunia.com/advisories/40645)

SECUNIA-43315 (http://secunia.com/advisories/43315)

[linux-kernel] 20100430 [PATCH 2/7] KEYS: find_keyring_by_name() can gain access to a freed keyring (http://marc.info?l=linux-kernel&m=127274294622730&w=2)

https://patchwork.kernel.org/patch/94038

[oss-security] 20100427 Re: CVE request - kernel: find_keyring_by_name() can gain the freed keyring (http://www.openwall.com/lists/oss-security/2010/04/28/2)

SECUNIA-40218 (http://secunia.com/advisories/40218)

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

https://bugzilla.redhat.com/show_bug.cgi?id=585094

DSA-2053 (http://www.debian.org/security/2010/dsa-2053)

20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (http://www.securityfocus.com/archive/1/516397/100/0/threaded)

SECUNIA-39830 (http://secunia.com/advisories/39830)

ADV-2010-1857 (http://www.vupen.com/english/advisories/2010/1857)

Miscellaneous

https://access.redhat.com/errata/RHSA-2010:0631

https://access.redhat.com/errata/RHSA-2010:0474

https://access.redhat.com/errata/RHSA-2010:0504

http://marc.info/?l=linux-kernel&m=127192182917857&w=2

http://marc.info/?l=linux-kernel&m=127274294622730&w=2

http://marc.info/?l=linux-kernel&m=127292492727029&w=2

https://access.redhat.com/security/cve/CVE-2010-1437

https://patchwork.kernel.org/patch/94038/

https://patchwork.kernel.org/patch/94664/

Rapid7

Technical Analysis