Vulnerability Details : CVE-2010-2226
The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.
Vulnerability category: Information leak
Threat overview for CVE-2010-2226
- Top open port discovered on systems with this issue: 49152
- IPs affected by CVE-2010-2226: 2,374
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2010-2226
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 %
CVSS scores for CVE-2010-2226
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST |
CWE ids for CVE-2010-2226
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2226
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1817176a86352f65210139d4c794ad2d19fc6b63
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
  404: File not found [Broken Link]
- http://www.ubuntu.com/usn/USN-1000-1
  USN-1000-1: Linux kernel vulnerabilities | Ubuntu security notices [Third Party Advisory]
- http://www.securityfocus.com/bid/40920
  Linux Kernel XSF 'SWAPEXT' IOCTL Local Information Disclosure Vulnerability [Third Party Advisory; VDB Entry]
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
  [security-announce] SUSE Security Announcement: Realtime Linux Kernel (S [Mailing List; Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2010-0610.html
  Support [Third Party Advisory]
- http://marc.info/?l=oss-security&m=127687486331790&w=2
  'Re: [oss-security] CVE request - kernel: xfs swapext ioctl issue' - MARC [Third Party Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=605158
  605158 – (CVE-2010-2226) CVE-2010-2226 kernel: xfs swapext ioctl minor security issue [Issue Tracking; Third Party Advisory]
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
  VMSA-2011-0003.2 [Third Party Advisory]
- http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html
  Lurker - Database message source pull failure [Broken Link]
- http://www.debian.org/security/2010/dsa-2094
  Debian -- Security Information -- DSA-2094-1 linux-2.6 [Third Party Advisory]
- http://www.vupen.com/english/advisories/2011/0298
  Webmail | OVH- OVH [Third Party Advisory]
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
  mandriva.com [Third Party Advisory]
- http://www.securityfocus.com/archive/1/516397/100/0/threaded
  SecurityFocus [Third Party Advisory; VDB Entry]
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
  [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20 [Mailing List; Third Party Advisory]
- http://archives.free.net.ph/message/20100616.130710.301704aa.en.html
  Lurker - Database message source pull failure [Broken Link]
- http://marc.info/?l=oss-security&m=127677135609357&w=2
  '[oss-security] CVE request - kernel: xfs swapext ioctl issue' - MARC [Third Party Advisory]
Products affected by CVE-2010-2226
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*