Vulnerability Details : CVE-2010-2943
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
Vulnerability category: Information leak
Threat overview for CVE-2010-2943
Top open port discovered on systems with this issue: 49152
IPs affected by CVE-2010-2943: 2,374
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2010-2943
Probability of exploitation activity in the next 30 days: 2.03%
Percentile, the proportion of vulnerabilities that are scored at or less: ~88%
CVSS scores for CVE-2010-2943
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N | 10.0 | 4.9 | NIST |
8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 | NIST |
CWE ids for CVE-2010-2943
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2943
- http://support.avaya.com/css/P8/documents/100113326
  ASA-2010-291 (RHSA-2010-0723). Third Party Advisory
- http://www.openwall.com/lists/oss-security/2010/08/18/2
  oss-security - CVE request - kernel: xfs: stale data exposure. Mailing List; Patch; Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=624923
  624923 – (CVE-2010-2943) CVE-2010-2943 kernel: xfs: validate inode numbers in file handles correctly. Issue Tracking; Patch; Third Party Advisory
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
  SecurityFocus. Third Party Advisory; VDB Entry
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
  VMSA-2011-0012.3. Third Party Advisory
- http://www.ubuntu.com/usn/USN-1057-1
  USN-1057-1: Linux kernel vulnerabilities | Ubuntu security notices. Third Party Advisory
- http://www.ubuntu.com/usn/USN-1041-1
  USN-1041-1: Linux kernel vulnerabilities | Ubuntu security notices. Third Party Advisory
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188
- http://www.openwall.com/lists/oss-security/2010/08/19/5
  oss-security - Re: CVE request - kernel: xfs: stale data exposure. Mailing List; Patch; Third Party Advisory
- http://www.securityfocus.com/bid/42527
  XFS Deleted Inode Local Information Disclosure Vulnerability. Exploit; Third Party Advisory; VDB Entry
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa
Products affected by CVE-2010-2943
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_communication_manager:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_presence_services:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_presence_services:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_presence_services:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_session_manager:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_session_manager:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_session_manager:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_system_manager:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_system_manager:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_system_manager:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_system_manager:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_system_platform:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_system_platform:6.0:-:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_system_platform:6.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:avaya:iq:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:iq:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_voice_portal:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_voice_portal:5.1:-:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_voice_portal:5.1:sp1:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:-:*:*:*