CVE-2010-0299 : openSUSE 11.2 installs the devtmpfs root directory with insecure permissions (1777), which allows local users to gain pr

openSUSE 11.2 installs the devtmpfs root directory with insecure permissions (1777), which allows local users to gain privileges via unspecified vectors.

Published 2010-02-22 18:30:01

Updated 2023-02-13 02:21:06

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2010-0299

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-0299

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2010-0299

CWE-264

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2010-0299

Red Hat 2010-03-12

Not vulnerable. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG did not include support for Devtmpfs, and therefore are not affected by this issue.

References for CVE-2010-0299

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html

[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20
Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2010-0299