CVE-2010-1643
7.7 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.7%
mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors.
References
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=731572d39fcd3498702eda4600db4c43d51e0b26
lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html
secunia.com/advisories/40645
vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-knfsd-9666
www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.28/ChangeLog-2.6.28-rc3
www.mandriva.com/security/advisories?name=MDVSA-2010:198
www.openwall.com/lists/oss-security/2010/05/26/2
www.openwall.com/lists/oss-security/2010/05/26/6
www.securityfocus.com/bid/40377
www.vupen.com/english/advisories/2010/1857
bugzilla.redhat.com/show_bug.cgi?id=595970
exchange.xforce.ibmcloud.com/vulnerabilities/58957
Social References
More
Related
7.7 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.7%