Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-0622 | First vendor Publication | 2010-02-15 |
Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:20241 | |||
Oval ID: | oval:org.mitre.oval:def:20241 | ||
Title: | DSA-2003-1 linux-2.6 - several vulnerabilities | ||
Description: | NOTE: This kernel update marks the final planned kernel security update for the 2.6.18 kernel in the Debian release 'etch'. Although security support for 'etch' officially ended on Feburary 15th, 2010, this update was already in preparation before that date. A final update that includes fixes for these issues in the 2.6.24 kernel is also in preparation and will be released shortly. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2003-1 CVE-2009-3080 CVE-2009-3726 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021 CVE-2009-4536 CVE-2010-0007 CVE-2010-0410 CVE-2010-0415 CVE-2010-0622 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20551 | |||
Oval ID: | oval:org.mitre.oval:def:20551 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0622 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7532 | |||
Oval ID: | oval:org.mitre.oval:def:7532 | ||
Title: | DSA-2005 linux-2.6.24 -- privilege escalation/denial of service/sensitive memory leak | ||
Description: | NOTE: This kernel update marks the final planned kernel security update for the 2.6.24 kernel in the Debian release "etch". Although security support for "etch" officially ended on Feburary 15th, 2010, this update was already in preparation before that date. Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Steve Beattie and Kees Cook reported an information leak in the maps and smaps files available under /proc. Local users may be able to read this data for setuid processes while the ELF binary is being loaded. Eric Paris provided several fixes to increase the protection provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities. Dave Jones reported an issue in the gdth SCSI driver. A missing check for negative offsets in an ioctl call could be exploited by local users to create a denial of service or potentially gain elevated privileges. Trond Myklebust reported an issue where a malicious NFS server could cause a denial of service condition on its clients by returning incorrect attributes during an open call. Joe Malicki discovered an issue in the megaraid_sas driver. Insufficient permissions on the sysfs dbg_lvl interface allow local users to modify the debug logging behavior. Roel Kluin discovered an issue in the hfc_usb driver, an ISDN driver for Colognechip HFC-S USB chip. A potential read overflow exists which may allow remote users to cause a denial of service condition. Amerigo Wang discovered an issue in the HFS filesystem that would allow a denial of service by a local user who has sufficient privileges to mount a specially crafted filesystem. Anana V. Avati discovered an issue in the fuse subsystem. If the system is sufficiently low on memory, a local user can cause the kernel to dereference an invalid pointer resulting in a denial of service and potentially an escalation of privileges. Jay Fenlason discovered an issue in the firewire stack that allows local users to cause a denial of service by making a specially crafted ioctl call. Ted Ts’o discovered an issue in the ext4 filesystem that allows local users to cause a denial of service. For this to be exploitable, the local user must have sufficient privileges to mount a filesystem. Fabian Yamaguchi reported issues in the e1000 and e1000e drivers for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted Ethernet frames. Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. This option is disabled by default. Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules. Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service or obtain elevated privileges. Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service. Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service or gain access to sensitive kernel memory. Jermome Marchand reported an issue in the futex subsystem that allows a local user to force an invalid futex state which results in a denial of service . | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2005 CVE-2009-2691 CVE-2009-2695 CVE-2009-3080 CVE-2009-3726 CVE-2009-3889 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021 CVE-2009-4138 CVE-2009-4308 CVE-2009-4536 CVE-2009-4538 CVE-2010-0003 CVE-2010-0007 CVE-2010-0291 CVE-2010-0410 CVE-2010-0415 CVE-2010-0622 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6.24 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9655 | |||
Oval ID: | oval:org.mitre.oval:def:9655 | ||
Title: | The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. | ||
Description: | The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0622 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
2012-03-15 | Name : VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console an... File : nvt/gb_VMSA-2010-0016.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2010:0504 centos5 i386 File : nvt/gb_CESA-2010_0504_kernel_centos5_i386.nasl |
2010-10-19 | Name : Mandriva Update for kernel MDVSA-2010:198 (kernel) File : nvt/gb_mandriva_MDVSA_2010_198.nasl |
2010-09-27 | Name : Mandriva Update for kernel MDVSA-2010:188 (kernel) File : nvt/gb_mandriva_MDVSA_2010_188.nasl |
2010-07-02 | Name : RedHat Update for kernel RHSA-2010:0504-01 File : nvt/gb_RHSA-2010_0504-01_kernel.nasl |
2010-05-04 | Name : Mandriva Update for kernel MDVSA-2010:088 (kernel) File : nvt/gb_mandriva_MDVSA_2010_088.nasl |
2010-03-22 | Name : SuSE Update for kernel SUSE-SA:2010:016 File : nvt/gb_suse_2010_016.nasl |
2010-03-22 | Name : Ubuntu Update for Linux kernel vulnerabilities USN-914-1 File : nvt/gb_ubuntu_USN_914_1.nasl |
2010-03-16 | Name : Debian Security Advisory DSA 2012-1 (linux-2.6) File : nvt/deb_2012_1.nasl |
2010-03-12 | Name : Mandriva Update for rsnapshot MDVA-2010:088 (rsnapshot) File : nvt/gb_mandriva_MDVA_2010_088.nasl |
2010-03-05 | Name : SuSE Update for kernel SUSE-SA:2010:014 File : nvt/gb_suse_2010_014.nasl |
2010-02-25 | Name : Debian Security Advisory DSA 2003-1 (linux-2.6) File : nvt/deb_2003_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62380 | Linux Kernel kernel/futex.c wake_futex_pi Function Local DoS |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0504.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100701_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
2010-11-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0016.nasl - Type : ACT_GATHER_INFO |
2010-10-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-198.nasl - Type : ACT_GATHER_INFO |
2010-09-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-188.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-088.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0504.nasl - Type : ACT_GATHER_INFO |
2010-07-13 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0504.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1804.nasl - Type : ACT_GATHER_INFO |
2010-03-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kernel-100317.nasl - Type : ACT_GATHER_INFO |
2010-03-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-914-1.nasl - Type : ACT_GATHER_INFO |
2010-03-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2012.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kernel-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-100223.nasl - Type : ACT_GATHER_INFO |
2010-03-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100223.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2005.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2003.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 01:12:46 |
|
2024-02-01 12:03:30 |
|
2023-11-07 21:47:37 |
|
2023-09-05 12:11:54 |
|
2023-09-05 01:03:21 |
|
2023-09-02 12:11:56 |
|
2023-09-02 01:03:23 |
|
2023-08-12 12:14:09 |
|
2023-08-12 01:03:22 |
|
2023-08-11 12:11:59 |
|
2023-08-11 01:03:31 |
|
2023-08-06 12:11:32 |
|
2023-08-06 01:03:24 |
|
2023-08-04 12:11:37 |
|
2023-08-04 01:03:26 |
|
2023-07-14 12:11:33 |
|
2023-07-14 01:03:24 |
|
2023-03-29 01:13:14 |
|
2023-03-28 12:03:30 |
|
2022-10-11 12:10:18 |
|
2022-10-11 01:03:12 |
|
2022-03-11 01:08:36 |
|
2021-05-04 12:11:09 |
|
2021-04-22 01:11:42 |
|
2020-08-11 12:04:54 |
|
2020-08-08 01:04:56 |
|
2020-08-07 12:05:00 |
|
2020-08-01 12:04:58 |
|
2020-07-30 01:05:07 |
|
2020-05-23 01:41:41 |
|
2020-05-23 00:25:18 |
|
2019-01-25 12:03:04 |
|
2018-11-17 12:01:35 |
|
2018-10-30 12:03:17 |
|
2018-10-11 00:19:47 |
|
2017-09-19 09:23:39 |
|
2016-07-01 11:06:44 |
|
2016-06-29 00:11:05 |
|
2016-06-28 18:02:35 |
|
2016-04-26 19:35:32 |
|
2016-03-05 13:26:42 |
|
2014-11-27 13:27:41 |
|
2014-02-17 10:53:57 |
|
2013-11-11 12:38:38 |
|
2013-05-10 23:18:46 |
|