CVE-2010-2226
6.9 Medium
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
9.5%
The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.
References
archives.free.net.ph/message/20100616.130710.301704aa.en.html
archives.free.net.ph/message/20100616.135735.40f53a32.en.html
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1817176a86352f65210139d4c794ad2d19fc6b63
lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
marc.info/?l=oss-security&m=127677135609357&w=2
marc.info/?l=oss-security&m=127687486331790&w=2
secunia.com/advisories/43315
www.debian.org/security/2010/dsa-2094
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
www.mandriva.com/security/advisories?name=MDVSA-2010:198
www.redhat.com/support/errata/RHSA-2010-0610.html
www.securityfocus.com/archive/1/516397/100/0/threaded
www.securityfocus.com/bid/40920
www.ubuntu.com/usn/USN-1000-1
www.vmware.com/security/advisories/VMSA-2011-0003.html
www.vupen.com/english/advisories/2011/0298
bugzilla.redhat.com/show_bug.cgi?id=605158
Related
6.9 Medium
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
9.5%