CVE-2010-3301

Published: Sep 22, 2010Modified: Apr 29, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.

Affected (9)

Products: Linux: Linux Kernel · Suse: Linux Enterprise Real Time Extension · Canonical: Ubuntu Linux

Linux

1 product

Linux Kernel

Suse

1 product

Linux Enterprise Real Time Extension

Canonical

1 product

Ubuntu Linux

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 2.6.36
Linux Linux Kernel	Version 2.6.36
Linux Linux Kernel	Version 2.6.36 rc1
Linux Linux Kernel	Version 2.6.36 rc2
Linux Linux Kernel	Version 2.6.36 rc3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Real Time Extension	Version 11 sp1

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 10.10
Canonical Ubuntu Linux	Version 9.10

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (34)

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=36d001c70d8a0144ac1d038f6876c484849a74de

Source: secalert@redhat.com

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eefdca043e8391dcd719711716492063030b55ac

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://secunia.com/advisories/42758

Source: secalert@redhat.com

Third Party Advisory

http://sota.gen.nz/compat2/

Source: secalert@redhat.com

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.36-rc4-git2.log

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2010:198

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2010:247

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2010/09/16/1

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2010/09/16/3

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0842.html

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-1041-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2010/3117

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0070

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0298

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=634449

Source: secalert@redhat.com

ExploitIssue TrackingThird Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=36d001c70d8a0144ac1d038f6876c484849a74de