PT-2010-4424 · Linux+1 · Linux Kernel+1

Eugene Teo · Published 2010-09-29 · Updated 2023-02-13 · CVE-2010-2943

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 2.6.35

Description

The issue allows remote authenticated users to read unlinked files, or to read and overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file. The flaw is reached through a stale NFS filehandle: the XFS implementation does not look up inode allocation btrees before reading inode buffers.

Recommendations

For Linux kernel versions prior to 2.6.35, update to version 2.6.35 or later to resolve the issue.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2010-2943
RHSA-2010:0723
RHSA-2010_0723

Affected Products

Linux Kernel
Red Hat