7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.643 Medium
EPSS
Percentile
97.8%
Junjiro R. Okajima discovered that knfsd did not correctly handle
strict overcommit. A local attacker could exploit this to crash knfsd,
leading to a denial of service. (Only Ubuntu 6.06 LTS and 8.04 LTS were
affected.) (CVE-2008-7256, CVE-2010-1643)
Chris Guo, Jukka Taimisto, and Olli Jarva discovered that SCTP did
not correctly handle invalid parameters. A remote attacker could send
specially crafted traffic that could crash the system, leading to a
denial of service. (CVE-2010-1173)
Mario Mikocevic discovered that GFS2 did not correctly handle certain
quota structures. A local attacker could exploit this to crash the
system, leading to a denial of service. (Ubuntu 6.06 LTS was not
affected.) (CVE-2010-1436)
Toshiyuki Okajima discovered that the kernel keyring did not correctly
handle dead keyrings. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-1437)
Brad Spengler discovered that Sparc did not correctly implement
non-executable stacks. This made userspace applications vulnerable to
exploits that would have been otherwise blocked due to non-executable
memory protections. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1451)
Dan Rosenberg discovered that the btrfs clone function did not correctly
validate permissions. A local attacker could exploit this to read
sensitive information, leading to a loss of privacy. (Only Ubuntu 9.10
was affected.) (CVE-2010-1636)
Dan Rosenberg discovered that GFS2 set_flags function did not correctly
validate permissions. A local attacker could exploit this to gain
access to files, leading to a loss of privacy and potential privilege
escalation. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1641)
Shi Weihua discovered that btrfs xattr_set_acl function did not
correctly validate permissions. A local attacker could exploit
this to gain access to files, leading to a loss of privacy and
potential privilege escalation. (Only Ubuntu 9.10 and 10.04 LTS were
affected.) (CVE-2010-2071)
Andre Osterhues discovered that eCryptfs did not correctly calculate
hash values. A local attacker with certain uids could exploit this to
crash the system or potentially gain root privileges. (Ubuntu 6.06 LTS
was not affected.) (CVE-2010-2492)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.10 | noarch | linux-image-2.6.31-22-server | < 2.6.31-22.61 | UNKNOWN |
Ubuntu | 9.10 | noarch | block-modules-2.6.31-22-generic-di | < 2.6.31-22.61 | UNKNOWN |
Ubuntu | 9.10 | noarch | char-modules-2.6.31-22-generic-di | < 2.6.31-22.61 | UNKNOWN |
Ubuntu | 9.10 | noarch | crypto-modules-2.6.31-22-generic-di | < 2.6.31-22.61 | UNKNOWN |
Ubuntu | 9.10 | noarch | fat-modules-2.6.31-22-generic-di | < 2.6.31-22.61 | UNKNOWN |
Ubuntu | 9.10 | noarch | fb-modules-2.6.31-22-generic-di | < 2.6.31-22.61 | UNKNOWN |
Ubuntu | 9.10 | noarch | firewire-core-modules-2.6.31-22-generic-di | < 2.6.31-22.61 | UNKNOWN |
Ubuntu | 9.10 | noarch | floppy-modules-2.6.31-22-generic-di | < 2.6.31-22.61 | UNKNOWN |
Ubuntu | 9.10 | noarch | fs-core-modules-2.6.31-22-generic-di | < 2.6.31-22.61 | UNKNOWN |
Ubuntu | 9.10 | noarch | fs-secondary-modules-2.6.31-22-generic-di | < 2.6.31-22.61 | UNKNOWN |
ubuntu.com/security/CVE-2008-7256
ubuntu.com/security/CVE-2010-1173
ubuntu.com/security/CVE-2010-1436
ubuntu.com/security/CVE-2010-1437
ubuntu.com/security/CVE-2010-1451
ubuntu.com/security/CVE-2010-1636
ubuntu.com/security/CVE-2010-1641
ubuntu.com/security/CVE-2010-1643
ubuntu.com/security/CVE-2010-2071
ubuntu.com/security/CVE-2010-2492
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.643 Medium
EPSS
Percentile
97.8%