CVE Vulnerabilities

CVE-2010-0307

Published: Feb 17, 2010 | Modified: Nov 16, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.7 MEDIUM
AV:L/AC:M/Au:N/C:N/I:N/A:C
RedHat/V2
4.9 MODERATE
AV:L/AC:L/Au:N/C:N/I:N/A:C
RedHat/V3
Ubuntu

The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux * *
MRG for RHEL-5 RedHat kernel-rt-0:2.6.33.7-rt29.45.el5rt *
Red Hat Enterprise Linux 4 RedHat kernel-0:2.6.9-89.0.23.EL *
Red Hat Enterprise Linux 5 RedHat kernel-0:2.6.18-194.3.1.el5 *
Linux Ubuntu hardy *
Linux Ubuntu intrepid *
Linux Ubuntu jaunty *
Linux Ubuntu karmic *
Linux Ubuntu upstream *
Linux-source-2.6.15 Ubuntu dapper *
Linux-source-2.6.15 Ubuntu upstream *

References