CVE-2010-0453

Name of the Vulnerable Software and Affected Versions Sun Solaris versions 10 and OpenSolaris snv 69 through snv 133

Description The issue allows local users to cause a denial of service, resulting in a system panic. This occurs when a request with a 0 size value is sent to the UCODE GET VERSION IOCTL, triggering a NULL pointer dereference in the ucode get rev function. The problem is related to the retrieval of the microcode revision and affects systems running on x86 architectures.

Recommendations For Sun Solaris versions 10 and OpenSolaris snv 69 through snv 133, consider restricting access to the ucode ioctl function in intel/io/ucode drv.c as a temporary workaround to minimize the risk of exploitation. Avoid using the UCODE GET VERSION IOCTL with a 0 size value until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.