CVE-2010-4347
published 2010-12-22CVE-2010-4347: The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by…
medium6.9CVSS 3.1
AVLACMAuNCCICAC
EXPLOIT
The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | < 2.6.36.2 | 2.6.36.2 |
| linux | linux_kernel | <= 2.6.9 | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 3.11.0-12.19 | 3.11.0-12.19 |
| opensuse | opensuse | — | — |
| suse | linux_enterprise_real_time_extension | — | — |
CVSS provenance
nvd6.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
osv6.9MEDIUM