7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.006 Low
EPSS
Percentile
78.0%
Dan Rosenberg discovered that IPC structures were not correctly initialized
on 64bit systems. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4073)
Steve Chen discovered that setsockopt did not correctly check MSS values. A
local attacker could make a specially crafted socket call to crash the
system, leading to a denial of service. (CVE-2010-4165)
Vladymyr Denysov discovered that Xen virtual CD-ROM devices were not
handled correctly. A local attacker in a guest could make crafted blkback
requests that would crash the host, leading to a denial of service.
(CVE-2010-4238)
Vegard Nossum discovered that memory garbage collection was not handled
correctly for active sockets. A local attacker could exploit this to
allocate all available kernel memory, leading to a denial of service.
(CVE-2010-4249)
Dan Carpenter discovered that the Infiniband driver did not correctly
handle certain requests. A local user could exploit this to crash the
system or potentially gain root privileges. (CVE-2010-4649, CVE-2011-1044)
Dan Rosenberg discovered that XFS did not correctly initialize memory. A
local attacker could make crafted ioctl calls to leak portions of kernel
stack memory, leading to a loss of privacy. (CVE-2011-0711)
Timo Warns discovered that MAC partition parsing routines did not correctly
calculate block counts. A local attacker with physical access could plug in
a specially crafted block device to crash the system or potentially gain
root privileges. (CVE-2011-1010)
Neil Horman discovered that NFSv4 did not correctly handle certain orders
of operation with ACL data. A remote attacker with access to an NFSv4 mount
could exploit this to crash the system, leading to a denial of service.
(CVE-2011-1090)
Vasiliy Kulikov discovered that the netfilter code did not check certain
strings copied from userspace. A local attacker with netfilter access could
exploit this to read kernel memory or crash the system, leading to a denial
of service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)
Vasiliy Kulikov discovered that the Acorn Universal Networking driver did
not correctly initialize memory. A remote attacker could send specially
crafted traffic to read kernel stack memory, leading to a loss of privacy.
(CVE-2011-1173)
Vasiliy Kulikov discovered that taskstats listeners were not correctly
handled. A local attacker could expoit this to exhaust memory and CPU
resources, leading to a denial of service. (CVE-2011-2484)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | linux-image-2.6.24-29-sparc64 | < 2.6.24-29.92 | UNKNOWN |
Ubuntu | 8.04 | noarch | acpi-modules-2.6.24-29-generic-di | < 2.6.24-29.92 | UNKNOWN |
Ubuntu | 8.04 | noarch | block-modules-2.6.24-29-generic-di | < 2.6.24-29.92 | UNKNOWN |
Ubuntu | 8.04 | noarch | crypto-modules-2.6.24-29-generic-di | < 2.6.24-29.92 | UNKNOWN |
Ubuntu | 8.04 | noarch | fat-modules-2.6.24-29-generic-di | < 2.6.24-29.92 | UNKNOWN |
Ubuntu | 8.04 | noarch | fb-modules-2.6.24-29-generic-di | < 2.6.24-29.92 | UNKNOWN |
Ubuntu | 8.04 | noarch | firewire-core-modules-2.6.24-29-generic-di | < 2.6.24-29.92 | UNKNOWN |
Ubuntu | 8.04 | noarch | floppy-modules-2.6.24-29-generic-di | < 2.6.24-29.92 | UNKNOWN |
Ubuntu | 8.04 | noarch | fs-core-modules-2.6.24-29-generic-di | < 2.6.24-29.92 | UNKNOWN |
Ubuntu | 8.04 | noarch | fs-secondary-modules-2.6.24-29-generic-di | < 2.6.24-29.92 | UNKNOWN |
ubuntu.com/security/CVE-2010-4073
ubuntu.com/security/CVE-2010-4165
ubuntu.com/security/CVE-2010-4238
ubuntu.com/security/CVE-2010-4249
ubuntu.com/security/CVE-2010-4649
ubuntu.com/security/CVE-2011-0711
ubuntu.com/security/CVE-2011-1010
ubuntu.com/security/CVE-2011-1044
ubuntu.com/security/CVE-2011-1090
ubuntu.com/security/CVE-2011-1170
ubuntu.com/security/CVE-2011-1171
ubuntu.com/security/CVE-2011-1172
ubuntu.com/security/CVE-2011-1173
ubuntu.com/security/CVE-2011-2484
ubuntu.com/security/CVE-2011-2534
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.006 Low
EPSS
Percentile
78.0%