Vulnerability Name: CVE-2010-2226 (CCN-59589)
Assigned: 2010-06-17
Published: 2010-06-17
Updated: 2023-02-13
Summary: The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
2.6 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Consequences: Bypass Security
References:
Source: secalert@redhat.com Type: Broken Link secalert@redhat.com
Source: secalert@redhat.com Type: Broken Link secalert@redhat.com
Source: MITRE Type: CNA CVE-2010-2226
Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com
Source: CCN Type: Linux Kernel GIT Repository xfs: prevent swapping from operating on write-only files
Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: CCN Type: RHSA-2010-0610 Important: kernel security and bug fix update
Source: CCN Type: SA40205 Linux Kernel XFS xfs_swapext() Security Bypass
Source: CCN Type: SA43315 VMware ESX Server Multiple Kernel Vulnerabilities
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: DEBIAN Type: DSA-2094 linux-2.6 -- privilege escalation/denial of service/information leak
Source: CCN Type: The Linux Kernel Archives Web site The Linux Kernel Archives
Source: secalert@redhat.com Type: Broken Link secalert@redhat.com
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: CCN Type: OSVDB ID: 65631 Linux Kernel fs/xfs/xfs_dfrag.c xfs_swapext() Function Crafted IOCTL Local Access Permission Bypass
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Third Party Advisory, VDB Entry secalert@redhat.com
Source: CCN Type: BID-40920 Linux Kernel XSF 'SWAPEXT' IOCTL Local Information Disclosure Vulnerability
Source: secalert@redhat.com Type: Third Party Advisory, VDB Entry secalert@redhat.com
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: CCN Type: Red Hat Bugzilla Bug 605158 CVE-2010-2226 kernel: xfs swapext ioctl minor security issue
Source: secalert@redhat.com Type: Issue Tracking, Third Party Advisory secalert@redhat.com
Source: XF Type: UNKNOWN linux-kernel-xfsswapext-sec-bypass(59589)
Source: SUSE Type: SUSE-SA:2010:046 openSUSE 11.2 kernel security update
Source: SUSE Type: SUSE-SA:2010:060 Linux kernel security update
Source: SUSE Type: SUSE-SA:2011:007 Linux realtime kernel security update
Vulnerable Configuration: Configuration RedHat 1: Configuration CCN 1: