CVE-2010-1636
published 2010-06-08CVE-2010-1636: The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not…
PriorityP411low2.1CVSS 2.0
AVLACLAuNCPINAN
EXPLOIT
EPSS
0.83%
52.9th percentile
The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only file descriptor.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
CVSS provenance
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat2.1LOW
vendor_ubuntu1.2LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5c4j-r3xw-v7jr: The btrfs_ioctl_clone function in fs/btrfs/ioctl
ghsa_unreviewed·2022-05-17
CVE-2010-1636 [LOW] CWE-200 GHSA-5c4j-r3xw-v7jr: The btrfs_ioctl_clone function in fs/btrfs/ioctl
The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only file descriptor.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2010-08-04·CVSS 1.2
CVE-2008-7256 [LOW] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple security flaws.
Junjiro R. Okajima discovered that knfsd did not correctly handle
strict overcommit. A local attacker could exploit this to crash knfsd,
leading to a denial of service. (Only Ubuntu 6.06 LTS and 8.04 LTS were
affected.) (CVE-2008-7256, CVE-2010-1643)
Chris Guo, Jukka Taimisto, and Olli Jarva discovered that SCTP did
not correctly handle invalid parameters. A remote attacker could send
specially crafted traffic that could crash the system, leading to a
denial of service. (CVE-2010-1173)
Mario Mikocevic discovered that GFS2 did not correctly handle certain
quota structures. A local attacker could exploit this to crash the
system, leading to a denial of service. (Ubuntu 6.06 LTS was not
affected.) (CVE-2010-1436)
Toshi
Red Hat
kernel: btrfs: check for read permission on src file in the clone ioctl
vendor_redhat·CVSS 2.1
CVE-2010-1636 [LOW] kernel: btrfs: check for read permission on src file in the clone ioctl
kernel: btrfs: check for read permission on src file in the clone ioctl
The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only file descriptor.
No detection rules found.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=5dc6416414fb3ec6e2825fd4d20c8bf1d7fe0395http://www.openwall.com/lists/oss-security/2010/05/18/10http://www.openwall.com/lists/oss-security/2010/05/18/2http://www.openwall.com/lists/oss-security/2010/05/25/8https://bugs.launchpad.net/ubuntu/+source/linux/+bug/579585https://bugzilla.redhat.com/show_bug.cgi?id=593226http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=5dc6416414fb3ec6e2825fd4d20c8bf1d7fe0395http://www.openwall.com/lists/oss-security/2010/05/18/10http://www.openwall.com/lists/oss-security/2010/05/18/2http://www.openwall.com/lists/oss-security/2010/05/25/8https://bugs.launchpad.net/ubuntu/+source/linux/+bug/579585https://bugzilla.redhat.com/show_bug.cgi?id=593226
2010-06-08
Published