CVE-2010-2066 — Kernel vulnerability

9 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 73.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Canonical Ubuntu Linux Suse Linux Enterprise High Availability Extension +3 more

Timeline

PublishedSep 8

Latest updateMay 13

Description

The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶NVDlinux/linux_kernel< 2.6.35

▶NVDsuse/suse_linux_enterprise_server11

▶NVDsuse/suse_linux_enterprise_desktop11

▶NVDsuse/linux_enterprise_high_availability_extension11

▶NVDvmware/esx4.0, 4.1+1

Also affects: Ubuntu Linux 10.04, 10.10, 6.06, 8.04, 9.04, 9.10

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-4hcj-wrww-4fg8: The mext_check_arguments function in fs/ext4/move_extent↗2022-05-13

▶

CVEList

CVE-2010-2066: The mext_check_arguments function in fs/ext4/move_extent↗2010-09-08

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2011-03-03

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-28

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-25

▶

Ubuntu

Linux kernel vulnerabilities↗2010-10-19

▶

Red Hat

kernel: ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files↗2010-06-02

▶

💬Community

Bugzilla

CVE-2010-2066 kernel: ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files↗2010-06-07

▶