CVE-2010-2943

high

Description

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.

References

Advisories
More

https://bugzilla.redhat.com/show_bug.cgi?id=624923

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

http://www.ubuntu.com/usn/USN-1057-1

http://www.ubuntu.com/usn/USN-1041-1

http://www.securityfocus.com/archive/1/520102/100/0/threaded

http://www.openwall.com/lists/oss-security/2010/08/19/5

http://www.openwall.com/lists/oss-security/2010/08/18/2

http://support.avaya.com/css/P8/documents/100113326

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188

Details

Source: Mitre, NVD

Published: 2010-09-30

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.03499