Lucene search

K
cve[email protected]CVE-2010-2066
HistorySep 08, 2010 - 8:00 p.m.

CVE-2010-2066

2010-09-0820:00:02
web.nvd.nist.gov
47
linux kernel
privilege escalation
move_ext ioctl
security vulnerability

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.6 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.

Affected configurations

NVD
Node
linuxlinux_kernelRange<2.6.35
Node
vmwareesxMatch4.0
OR
vmwareesxMatch4.1
Node
canonicalubuntu_linuxMatch6.06
OR
canonicalubuntu_linuxMatch8.04
OR
canonicalubuntu_linuxMatch9.04
OR
canonicalubuntu_linuxMatch9.10
OR
canonicalubuntu_linuxMatch10.04-
OR
canonicalubuntu_linuxMatch10.10
Node
suselinux_enterprise_high_availability_extensionMatch11sp1
OR
susesuse_linux_enterprise_desktopMatch11sp1
OR
susesuse_linux_enterprise_serverMatch11sp1

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.6 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%