CVE-2010-3437

Published: Oct 4, 2010Modified: Apr 29, 2026

6.6

Vector

AV:L/AC:L/Au:N/C:C/I:N/A:C

Exploitability: 3.9 / Impact: 9.2

Source: NVD

Description

Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call.

Affected (23)

Products: Linux: Linux Kernel · Opensuse: Opensuse · Suse: Linux Enterprise Desktop, Linux Enterprise Real Time Extension, Linux Enterprise Server, Linux Enterprise Software Development Kit · +2 more

Show all products

Linux: Linux Kernel · Opensuse: Opensuse · Suse: Linux Enterprise Desktop, Linux Enterprise Real Time Extension, Linux Enterprise Server, Linux Enterprise Software Development Kit · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

1 product

4 products

Linux Enterprise Desktop

Linux Enterprise Real Time Extension

Linux Enterprise Server

Linux Enterprise Software Development Kit

1 product

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 2.6.36
Linux Linux Kernel	Version 2.6.36
Linux Linux Kernel	Version 2.6.36 rc1
Linux Linux Kernel	Version 2.6.36 rc2
Linux Linux Kernel	Version 2.6.36 rc3
Linux Linux Kernel	Version 2.6.36 rc4
Linux Linux Kernel	Version 2.6.36 rc5

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.2
Opensuse Opensuse	Version 11.3
Suse Linux Enterprise Desktop	Version 10 sp3
Suse Linux Enterprise Desktop	Version 11 sp1
Suse Linux Enterprise Real Time Extension	Version 11 sp1
Suse Linux Enterprise Server	Version 10 sp3
Suse Linux Enterprise Server	Version 11 sp1
Suse Linux Enterprise Server	Version 9
Suse Linux Enterprise Software Development Kit	Version 10 sp3

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 5.0

Configuration D

6 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 10.10
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 8.04
Canonical Ubuntu Linux	Version 9.04
Canonical Ubuntu Linux	Version 9.10

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (48)

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=252a52aa4fa22a668f019e55b3aac3ff71ec1c29

Source: secalert@redhat.com

http://jon.oberheide.org/files/cve-2010-3437.c

Source: secalert@redhat.com

ExploitThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://secunia.com/advisories/42778

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/42801

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/42932

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2010/dsa-2126

Source: secalert@redhat.com

Third Party Advisory

http://www.exploit-db.com/exploits/15150/

Source: secalert@redhat.com

ExploitThird Party AdvisoryVDB Entry

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc6

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2011:029

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:051

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2010/09/28/2

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2010/09/28/6

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0842.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/43551

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-1000-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0012

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0124

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0298

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=638085

Source: secalert@redhat.com

ExploitIssue TrackingPatchThird Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=252a52aa4fa22a668f019e55b3aac3ff71ec1c29