CVE-2010-4157

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.36.1 kernel-kdumppae-debuginfo (affected versions not specified) kernel-devel-2.6.9 kernel-doc-2.6.9 kernel-hugemem-2.6.9 kernel-2.6.9 kernel-largesmp-2.6.9 kernel-smp-devel-2.6.9 kernel-smp-2.6.9 kernel-largesmp-devel-2.6.9 kernel-hugemem-devel-2.6.9 kernel-smp-devel-2.6.9 kernel-largesmp-devel-2.6.9

Description The issue is related to multiple vulnerabilities in the Linux kernel, which can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely. A specific vulnerability is an integer overflow in the ioc general function in drivers/scsi/gdth.c, allowing local users to cause a denial of service or possibly have other impacts via a large argument in an ioctl call.

Recommendations For Linux kernel versions prior to 2.6.36.1, update to version 2.6.36.1 or later to resolve the issue. For kernel-kdumppae-debuginfo, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For kernel-devel-2.6.9, kernel-doc-2.6.9, kernel-hugemem-2.6.9, kernel-2.6.9, kernel-largesmp-2.6.9, kernel-smp-devel-2.6.9, kernel-smp-2.6.9, kernel-largesmp-devel-2.6.9, kernel-hugemem-devel-2.6.9, and kernel-smp-devel-2.6.9, consider disabling the vulnerable functions or restricting access to the affected kernel modules until a patch is available.