Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-4258 — Improper Privilege Management in Kernel

CWE-269 — Improper Privilege Management16 documents7 sources

Severity

6.2MEDIUMNVD

EPSS

5.9%

top 9.43%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linux Kernel Fedoraproject Fedora Opensuse +4 more

Timeline

PublishedDec 30

Latest updateMay 13

Description

The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.9 | Impact: 10.0

Affected Packages6 packages

▶NVDlinux/linux_kernel< 2.6.36.2

▶NVDsuse/linux_enterprise_server10, 11, 9+2

▶NVDsuse/linux_enterprise_desktop10, 11+1

▶NVDsuse/linux_enterprise_real_time_extension11

▶NVDsuse/linux_enterprise_software_development_kit10

Also affects: Fedora 13

Patches

Patch: marc.info ↗Patch: lkml.org ↗Patch: marc.info ↗

🔴Vulnerability Details

GHSA

GHSA-vj6j-hh8w-8qxh: The do_exit function in kernel/exit↗2022-05-13

▶

CVEList

CVE-2010-4258: The do_exit function in kernel/exit↗2010-12-30

▶

💥Exploits & PoCs

Exploit-DB

Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation↗2010-12-07

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities (i.MX51)↗2011-07-06

▶

Ubuntu

Linux kernel vulnerabilities↗2011-05-05

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-04-20

▶

Ubuntu

Linux kernel vulnerabilities↗2011-04-05

▶

Ubuntu

Linux Kernel vulnerabilities (Marvell Dove)↗2011-03-25

▶

💬Community

Bugzilla

CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [mrg-1.3]↗2010-12-03

▶

Bugzilla

CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path↗2010-12-03

▶

Bugzilla

CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [rhel-5.6]↗2010-12-03

▶

Bugzilla

CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [rhel-4.8.z]↗2010-12-03

▶