CVE-2010-2226 — Sensitive Information Exposure in Kernel

CWE-200 — Sensitive Information Exposure9 documents6 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 70.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Canonical Ubuntu Linux Debian Linux +3 more

Timeline

PublishedSep 3

Latest updateMay 13

Description

The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages4 packages

▶NVDlinux/linux_kernel< 2.6.35

▶NVDsuse/linux_enterprise_server10

▶NVDsuse/linux_enterprise_desktop10

▶NVDsuse/linux_enterprise_software_development_kit10

Also affects: Debian Linux 5.0, Ubuntu Linux 10.04, 10.10, 6.06, 8.04, 9.04, 9.10

🔴Vulnerability Details

GHSA

GHSA-2fg3-h938-jr6f: The xfs_swapext function in fs/xfs/xfs_dfrag↗2022-05-13

▶

CVEList

CVE-2010-2226: The xfs_swapext function in fs/xfs/xfs_dfrag↗2010-09-03

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2011-03-03

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-28

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-25

▶

Ubuntu

Linux kernel vulnerabilities↗2010-10-19

▶

Red Hat

kernel: xfs swapext ioctl minor security issue↗2010-06-17

▶

💬Community

Bugzilla

CVE-2010-2226 kernel: xfs swapext ioctl minor security issue↗2010-06-17

▶