Executive Summary

Informations
Name CVE-2010-4248 First vendor Publication 2010-11-30
Vendor Cve Last vendor Modification 2018-10-10

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 4.7 Attack Range Local
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4248

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-362 Race Condition

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13709
 
Oval ID: oval:org.mitre.oval:def:13709
Title: USN-1072-1 -- linux vulnerabilities
Description: Gleb Napatov discovered that KVM did not correctly check certain privileged operations. A local attacker with access to a guest kernel could exploit this to crash the host system, leading to a denial of service. Dave Chinner discovered that the XFS filesystem did not correctly order inode lookups when exported by NFS. A remote attacker could exploit this to read or write disk blocks that had changed file assignment or had become unlinked, leading to a loss of privacy. Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. Dan Jacobson discovered that ThinkPad video output was not correctly access controlled. A local attacker could exploit this to hang the system, leading to a denial of service. It was discovered that KVM did not correctly initialize certain CPU registers. A local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that Xen did not correctly clean up threads. A local attacker in a guest system could exploit this to exhaust host system resources, leading to a denial of serivce. Brad Spengler discovered that stack memory for new a process was not correctly calculated. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Vasiliy Kulikov discovered that the TIPC interface did not correctly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. Kees Cook and Vasiliy Kulikov discovered that the shm interface did not clear kernel memory correctly. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the USB subsystem did not correctly initialize certian structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the SiS video driver did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the ivtv V4L driver did not correctly initialize certian structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the semctl syscall did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. James Bottomley discovered that the ICP vortex storage array controller driver did not validate certain sizes. A local attacker on a 64bit system could exploit this to crash the kernel, leading to a denial of service. Dan Rosenberg discovered that the Linux kernel L2TP implementation contained multiple integer signedness errors. A local attacker could exploit this to to crash the kernel, or possibly gain root privileges. It was discovered that multithreaded exec did not handle CPU timers correctly. A local attacker could exploit this to crash the system, leading to a denial of service
Family: unix Class: patch
Reference(s): USN-1072-1
CVE-2010-0435
CVE-2010-2943
CVE-2010-3296
CVE-2010-3297
CVE-2010-3448
CVE-2010-3698
CVE-2010-3699
CVE-2010-3858
CVE-2010-3859
CVE-2010-3873
CVE-2010-3875
CVE-2010-3876
CVE-2010-3877
CVE-2010-3880
CVE-2010-4072
CVE-2010-4074
CVE-2010-4078
CVE-2010-4079
CVE-2010-4080
CVE-2010-4081
CVE-2010-4083
CVE-2010-4157
CVE-2010-4160
CVE-2010-4248
Version: 5
Platform(s): Ubuntu 8.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20281
 
Oval ID: oval:org.mitre.oval:def:20281
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4248
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21680
 
Oval ID: oval:org.mitre.oval:def:21680
Title: RHSA-2011:0004: kernel security, bug fix, and enhancement update (Important)
Description: Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c.
Family: unix Class: patch
Reference(s): RHSA-2011:0004-01
CESA-2011:0004
CVE-2010-3432
CVE-2010-3442
CVE-2010-3699
CVE-2010-3858
CVE-2010-3859
CVE-2010-3865
CVE-2010-3876
CVE-2010-3880
CVE-2010-4083
CVE-2010-4157
CVE-2010-4161
CVE-2010-4242
CVE-2010-4247
CVE-2010-4248
Version: 185
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23232
 
Oval ID: oval:org.mitre.oval:def:23232
Title: ELSA-2011:0004: kernel security, bug fix, and enhancement update (Important)
Description: Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c.
Family: unix Class: patch
Reference(s): ELSA-2011:0004-01
CVE-2010-3432
CVE-2010-3442
CVE-2010-3699
CVE-2010-3858
CVE-2010-3859
CVE-2010-3865
CVE-2010-3876
CVE-2010-3880
CVE-2010-4083
CVE-2010-4157
CVE-2010-4161
CVE-2010-4242
CVE-2010-4247
CVE-2010-4248
Version: 61
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28117
 
Oval ID: oval:org.mitre.oval:def:28117
Title: DEPRECATED: ELSA-2011-0004 -- kernel security, bug fix, and enhancement update (important)
Description: [2.6.18-194.32.1.0.1.el5] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - Add entropy support to igb (John Sobecki) [orabug 7607479] - [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332] - [NET] Add xen pv/bonding netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [nfsd] fix failure of file creation from hpux client (Wen gang Wang) [orabug 7579314] - [qla] fix qla not to query hccr (Guru Anbalagane) [Orabug 8746702] - [net] bonding: fix xen+bonding+netconsole panic issue (Joe Jin) [orabug 9504524] - [rds] Patch rds to 1.4.2-14 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki, Chris Mason, Herbert van den Bergh) [orabug 9245919] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - make xenkbd.abs_pointer=1 by default (John Haxby) [orabug 67188919] - fix filp_close() race (Joe Jin) [orabug 10335998]
Family: unix Class: patch
Reference(s): ELSA-2011-0004
CVE-2010-3432
CVE-2010-3442
CVE-2010-3699
CVE-2010-3858
CVE-2010-3859
CVE-2010-3865
CVE-2010-3876
CVE-2010-3880
CVE-2010-4083
CVE-2010-4157
CVE-2010-4161
CVE-2010-4242
CVE-2010-4247
CVE-2010-4248
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1360

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for kernel CESA-2011:0004 centos5 x86_64
File : nvt/gb_CESA-2011_0004_kernel_centos5_x86_64.nasl
2012-06-05 Name : RedHat Update for kernel RHSA-2011:0007-01
File : nvt/gb_RHSA-2011_0007-01_kernel.nasl
2012-03-16 Name : VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX...
File : nvt/gb_VMSA-2011-0012.nasl
2011-09-23 Name : RedHat Update for kernel RHSA-2011:1321-01
File : nvt/gb_RHSA-2011_1321-01_kernel.nasl
2011-09-16 Name : Ubuntu Update for linux-ti-omap4 USN-1202-1
File : nvt/gb_ubuntu_USN_1202_1.nasl
2011-08-12 Name : Ubuntu Update for linux-lts-backport-maverick USN-1187-1
File : nvt/gb_ubuntu_USN_1187_1.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2011:0004 centos5 i386
File : nvt/gb_CESA-2011_0004_kernel_centos5_i386.nasl
2011-07-18 Name : Ubuntu Update for linux USN-1167-1
File : nvt/gb_ubuntu_USN_1167_1.nasl
2011-07-08 Name : Ubuntu Update for linux-fsl-imx51 USN-1164-1
File : nvt/gb_ubuntu_USN_1164_1.nasl
2011-05-06 Name : SuSE Update for kernel SUSE-SA:2011:020
File : nvt/gb_suse_2011_020.nasl
2011-04-22 Name : SuSE Update for kernel SUSE-SA:2011:017
File : nvt/gb_suse_2011_017.nasl
2011-03-07 Name : Ubuntu Update for linux vulnerabilities USN-1080-1
File : nvt/gb_ubuntu_USN_1080_1.nasl
2011-03-07 Name : Ubuntu Update for linux-ec2 vulnerabilities USN-1080-2
File : nvt/gb_ubuntu_USN_1080_2.nasl
2011-03-07 Name : Ubuntu Update for linux vulnerabilities USN-1081-1
File : nvt/gb_ubuntu_USN_1081_1.nasl
2011-03-07 Name : Debian Security Advisory DSA 2153-1 (linux-2.6)
File : nvt/deb_2153_1.nasl
2011-02-28 Name : Ubuntu Update for linux vulnerabilities USN-1072-1
File : nvt/gb_ubuntu_USN_1072_1.nasl
2011-02-28 Name : Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1073-1
File : nvt/gb_ubuntu_USN_1073_1.nasl
2011-02-18 Name : Mandriva Update for kernel MDVSA-2011:029 (kernel)
File : nvt/gb_mandriva_MDVSA_2011_029.nasl
2011-01-11 Name : RedHat Update for kernel RHSA-2011:0004-01
File : nvt/gb_RHSA-2011_0004-01_kernel.nasl
2010-12-23 Name : Fedora Update for kernel FEDORA-2010-18506
File : nvt/gb_fedora_2010_18506_kernel_fc13.nasl
2010-12-09 Name : Fedora Update for kernel FEDORA-2010-18493
File : nvt/gb_fedora_2010_18493_kernel_fc14.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
69578 Linux Kernel kernel/exit.c the __exit_signal Function Thread Group Leader Rac...

Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when a race condition in the '__exit_signal' function in 'kernel/exit.c' is exploited to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in 'kernel/posix-cpu-timers.c', and the selection of a new thread group leader in the 'de_thread' function 'in fs/exec.c'.

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-10-27 IAVM : 2011-A-0147 - Multiple Vulnerabilities in VMware ESX and ESXi
Severity : Category I - VMSKEY : V0030545

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0012_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_kernel-110414.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_0_build_515841_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0004.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0007.nasl - Type : ACT_GATHER_INFO
2013-03-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1093-1.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1321.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110104_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7384.nasl - Type : ACT_GATHER_INFO
2011-10-14 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0012.nasl - Type : ACT_GATHER_INFO
2011-09-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1202-1.nasl - Type : ACT_GATHER_INFO
2011-08-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1187-1.nasl - Type : ACT_GATHER_INFO
2011-07-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1167-1.nasl - Type : ACT_GATHER_INFO
2011-07-07 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1164-1.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kernel-110413.nasl - Type : ACT_GATHER_INFO
2011-03-25 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7381.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1080-2.nasl - Type : ACT_GATHER_INFO
2011-03-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1080-1.nasl - Type : ACT_GATHER_INFO
2011-03-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1081-1.nasl - Type : ACT_GATHER_INFO
2011-03-01 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1073-1.nasl - Type : ACT_GATHER_INFO
2011-03-01 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1072-1.nasl - Type : ACT_GATHER_INFO
2011-01-31 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2153.nasl - Type : ACT_GATHER_INFO
2011-01-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0007.nasl - Type : ACT_GATHER_INFO
2011-01-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0004.nasl - Type : ACT_GATHER_INFO
2011-01-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0004.nasl - Type : ACT_GATHER_INFO
2010-12-08 Name : The remote Fedora host is missing a security update.
File : fedora_2010-18506.nasl - Type : ACT_GATHER_INFO
2010-12-06 Name : The remote Fedora host is missing a security update.
File : fedora_2010-18493.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/45028
BUGTRAQ http://www.securityfocus.com/archive/1/520102/100/0/threaded
CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e...
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=656264
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
MLIST http://www.openwall.com/lists/oss-security/2010/11/23/2
http://www.openwall.com/lists/oss-security/2010/11/24/9
REDHAT http://www.redhat.com/support/errata/RHSA-2011-0004.html
http://www.redhat.com/support/errata/RHSA-2011-0007.html
SECUNIA http://secunia.com/advisories/42789
http://secunia.com/advisories/42890
http://secunia.com/advisories/46397
VUPEN http://www.vupen.com/english/advisories/2011/0024

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Date Informations
2020-08-01 12:05:43
  • Multiple Updates
2020-07-30 01:05:55
  • Multiple Updates
2020-05-23 01:43:03
  • Multiple Updates
2020-05-23 00:26:55
  • Multiple Updates
2019-01-25 12:03:27
  • Multiple Updates
2018-11-17 12:01:58
  • Multiple Updates
2018-10-30 12:03:43
  • Multiple Updates
2018-10-11 00:20:00
  • Multiple Updates
2016-07-01 11:07:06
  • Multiple Updates
2016-06-29 00:16:16
  • Multiple Updates
2016-06-28 18:22:36
  • Multiple Updates
2016-04-26 20:14:13
  • Multiple Updates
2016-03-05 13:26:42
  • Multiple Updates
2014-11-27 13:27:49
  • Multiple Updates
2014-06-14 13:29:45
  • Multiple Updates
2014-02-17 10:58:36
  • Multiple Updates
2013-11-11 12:39:05
  • Multiple Updates
2013-05-10 23:36:53
  • Multiple Updates