CVE-2010-3015 | AttackerKB

Description

Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

linux

Products

References

Canonical

CVE-2010-3015 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3015)

BID-42477 (http://www.securityfocus.com/bid/42477)

Advisory

XF-kernel-stacksize-dos(61156) (https://exchange.xforce.ibmcloud.com/vulnerabilities/61156)

http://www.redhat.com/support/errata/RHSA-2010-0723.html

USN-1000-1 (http://www.ubuntu.com/usn/USN-1000-1)

ADV-2010-3117 (http://www.vupen.com/english/advisories/2010/3117)

20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (http://www.securityfocus.com/archive/1/520102/100/0/threaded)

SECUNIA-46397 (http://secunia.com/advisories/46397)

[oss-security] 20100817 Re: CVE request - kernel: integer overflow in ext4_ext_get_blocks() (http://marc.info?l=oss-security&m=128201627016896&w=2)

[oss-security] 20100816 CVE request - kernel: integer overflow in ext4_ext_get_blocks() (http://marc.info?l=oss-security&m=128192548904503&w=2)

[oss-security] 20100816 Re: CVE request - kernel: integer overflow in ext4_ext_get_blocks() (http://marc.info?l=oss-security&m=128197862004376&w=2)

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html

https://bugzilla.redhat.com/show_bug.cgi?id=624327

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:247

ADV-2011-0298 (http://www.vupen.com/english/advisories/2011/0298)

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

http://support.avaya.com/css/P8/documents/100113326

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34

DSA-2094 (http://www.debian.org/security/2010/dsa-2094)

http://www.mandriva.com/security/advisories?name=MDVSA-2011:029

http://git.kernel.org?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=731eb1a03a8445cde2cb23ecfb3580c6fa7bb690

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:172

Rapid7

Technical Analysis