CVE-2010-3079

CVSS v3.1 5.5 (Medium)

CVSS v2.0 4.9 (Medium)

EPSS 0.04 % (5^th)

Affected Products 5

Advisories 17

kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to cause a denial of service (NULL pointer dereference and outage of all function tracing files) via an lseek call on a file descriptor associated with the set_ftrace_filter file.

Weaknesses

CWE-476: NULL Pointer Dereference

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2010-09-30 15:00:02
(14 years ago)
Updated Date: 2023-02-13 04:22:04
(19 months ago)

Affected Products

Canonical

Ubuntu Linux

Linux

Linux Kernel

Suse

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 2.6.35.5 version	cpe:2.3:o:linux:linux_kernel		< 2.6.35.5

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 9.10	cpe:2.3:o:canonical:ubuntu_linux:9.10
	Canonical Ubuntu Linux 10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04:::*:-
	Canonical Ubuntu Linux 10.10	cpe:2.3:o:canonical:ubuntu_linux:10.10

Configuration #3

		CPE23	From	Up To
	Suse Linux Enterprise Desktop 11	cpe:2.3:o:suse:linux_enterprise_desktop:11:-
	Suse Linux Enterprise High Availability Extension 11 SP1	cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp1
	Suse Linux Enterprise Server 11	cpe:2.3:o:suse:linux_enterprise_server:11:-