CVE-2010-4347

medium

Description

The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ed3aada1bf34c5a9e98af167f125f8a740fc726a

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

http://openwall.com/lists/oss-security/2010/12/15/3

http://openwall.com/lists/oss-security/2010/12/15/7

http://secunia.com/advisories/42778

http://www.exploit-db.com/exploits/15774/

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2

http://www.securityfocus.com/bid/45408

http://www.vupen.com/english/advisories/2011/0012

http://www.vupen.com/english/advisories/2011/0298

https://bugzilla.redhat.com/show_bug.cgi?id=663542

https://exchange.xforce.ibmcloud.com/vulnerabilities/64155

Details

Source: MITRE

Published: 2010-12-22

Updated: 2020-08-14

Type: CWE-269

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

Tenable Plugins

ID: 75553

Name: openSUSE Security Update : kernel (openSUSE-SU-2011:0004-1)

Product: Nessus

Family: SuSE Local Security Checks

Severity: high