PT-2010-5691 · Suse+2 · Suse Linux Enterprise+2

Dan Rosenberg · Published 1970-01-01 · Updated 2026-02-10 · CVE-2010-3437

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions
SUSE Linux Enterprise kernel-vmipae-debuginfo versions prior to 2.6.36-rc6
SUSE Linux Enterprise kernel-kdumppae-debuginfo versions prior to 2.6.36-rc6

Description
The issue is related to multiple vulnerabilities in the Linux kernel, specifically an integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c. This error allows local users to obtain sensitive information from kernel memory or cause a denial of service via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. The vulnerabilities can be exploited remotely, potentially leading to a disruption of protected information.
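
The class of bug named in the description, shown as an added user-space example (not the kernel's code and not part of the original advisory): a table lookup whose signed index is tested only against the upper bound, next to one common remedy, an unsigned index. The table, its size and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define TABLE_SLOTS 8   /* constructed table size, not taken from the page */

struct dev { int id; };                       /* hypothetical device record */
static struct dev slots_storage[TABLE_SLOTS];
static struct dev *dev_table[TABLE_SLOTS];

static void table_init(void)
{
    for (int i = 0; i < TABLE_SLOTS; i++) {
        slots_storage[i].id = i;
        dev_table[i] = &slots_storage[i];
    }
}

/* Flawed pattern: the index is signed and only the upper bound is tested,
 * so any negative value passes. Returns 1 if the check would let the index
 * through; the table is deliberately not dereferenced here. */
static int signed_check_accepts(int idx)
{
    return !(idx >= TABLE_SLOTS);
}

/* Hardened lookup: the index is unsigned, so a negative value supplied by
 * the caller converts to a huge number and fails the same upper-bound test. */
static struct dev *lookup_hardened(unsigned int idx)
{
    if (idx >= TABLE_SLOTS)
        return NULL;
    return dev_table[idx];
}

int main(void)
{
    int samples[] = { 0, 7, 8, -1, -4096 };   /* constructed index values */
    table_init();
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = samples[i];
        printf("%6d  signed check: %s  hardened lookup: %s\n", v,
               signed_check_accepts(v) ? "accepted" : "rejected",
               lookup_hardened((unsigned int)v) ? "found" : "NULL");
    }
    return 0;
}
```
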

Recommendations
For SUSE Linux Enterprise kernel-vmipae-debuginfo versions prior to 2.6.36-rc6, update to version 2.6.36-rc6 or later to resolve the issue.
For SUSE Linux Enterprise kernel-kdumppae-debuginfo versions prior to 2.6.36-rc6, update to version 2.6.36-rc6 or later to resolve the issue.
As a temporary workaround, consider restricting access to the pktcdvd module to minimize the risk of exploitation.

Exploit

Fix

DoS

Information Disclosure

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

BDU:2015-04589
BDU:2015-04590
CVE-2010-3437
DSA-2126-1
ELSA-2011-0007
RHSA-2010:0842
RHSA-2010_0842

Affected Products

Linux Kernel
Red Hat
Suse Linux Enterprise