Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2943

CWE-200 — Information Exposure13 documents7 sources

Severity

8.1HIGH

EPSS

3.8%

top 11.88%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linux Linux Kernel Avaya Aura Communication Manager Avaya Aura Presence Services +7 more

Timeline

PublishedSep 30

Latest updateMay 13

Description

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages9 packages

▶NVDlinux/linux_kernel< 2.6.35

▶NVDavaya/iq5.0, 5.1+1

▶NVDvmware/esx4.0, 4.1+1

▶NVDavaya/aura_voice_portal5.0, 5.1+1

▶NVDavaya/aura_system_manager4 versions+3

Also affects: Ubuntu Linux 10.04, 10.10, 6.06, 9.10

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-hm34-64r3-w24r: The xfs implementation in the Linux kernel before 2↗2022-05-13

▶

CVEList

CVE-2010-2943: The xfs implementation in the Linux kernel before 2↗2010-09-30

▶

💥Exploits & PoCs

Exploit-DB

XFS - Deleted Inode Local Information Disclosure↗2010-09-29

▶

📋Vendor Advisories

Ubuntu

Linux Kernel vulnerabilities (Marvell Dove)↗2011-03-25

▶

Ubuntu

Linux kernel vulnerabilities↗2011-03-03

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-28

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-25

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-25

▶

💬Community

Bugzilla

CVE-2010-2943 kernel: xfs: validate inode numbers in file handles correctly↗2010-08-18

▶