Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2010-3301 — Incorrect Conversion between Numeric Types in Kernel
Severity
7.2HIGHNVD
EPSS
6.6%
top 8.79%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
PublishedSep 22
Latest updateMay 13
Description
The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.
CVSS vector
AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0
Affected Packages2 packages
Also affects: Ubuntu Linux 10.04, 10.10, 9.10
Patches
🔴Vulnerability Details
2💥Exploits & PoCs
1Exploit-DB
▶