{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-02-03T00:00:00", "descriptions": [{"lang": "en", "value": "The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-03-26T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-914-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-914-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc7"}, {"name": "ADV-2010-0638", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0638"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.kernel.org/show_bug.cgi?id=14256"}, {"name": "MDVSA-2010:088", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088"}, {"name": "38922", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38922"}, {"name": "SUSE-SA:2010:018", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5ecb01cfdf96c5f465192bdb2a4fd4a61a24c6cc"}, {"name": "[oss-security] 20100211 Re: CVE request - kernel: futex: Handle user space corruption gracefully", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/02/11/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0623", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-914-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-914-1"}, {"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc7", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc7"}, {"name": "ADV-2010-0638", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0638"}, {"name": "http://bugzilla.kernel.org/show_bug.cgi?id=14256", "refsource": "CONFIRM", "url": "http://bugzilla.kernel.org/show_bug.cgi?id=14256"}, {"name": "MDVSA-2010:088", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088"}, {"name": "38922", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38922"}, {"name": "SUSE-SA:2010:018", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ecb01cfdf96c5f465192bdb2a4fd4a61a24c6cc", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ecb01cfdf96c5f465192bdb2a4fd4a61a24c6cc"}, {"name": "[oss-security] 20100211 Re: CVE request - kernel: futex: Handle user space corruption gracefully", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/02/11/2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:52:19.627Z"}, "title": "CVE Program Container", "references": [{"name": "USN-914-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-914-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc7"}, {"name": "ADV-2010-0638", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0638"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugzilla.kernel.org/show_bug.cgi?id=14256"}, {"name": "MDVSA-2010:088", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088"}, {"name": "38922", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38922"}, {"name": "SUSE-SA:2010:018", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5ecb01cfdf96c5f465192bdb2a4fd4a61a24c6cc"}, {"name": "[oss-security] 20100211 Re: CVE request - kernel: futex: Handle user space corruption gracefully", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/02/11/2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0623", "datePublished": "2010-02-15T18:00:00", "dateReserved": "2010-02-11T00:00:00", "dateUpdated": "2024-08-07T00:52:19.627Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A01490AB-675E-4BA1-916D-F2A0D6CB27FD", "versionEndExcluding": "2.6.33", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:-:*:*:*:*:*:*", "matchCriteriaId": "EF818826-D9F2-42F9-9638-9609513561A3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc1:*:*:*:*:*:*", "matchCriteriaId": "2DB53511-E1B0-4F81-BE9E-B52E84E9C30E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc2:*:*:*:*:*:*", "matchCriteriaId": "207306A0-19F5-4E49-945C-A5E4DD442459", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc3:*:*:*:*:*:*", "matchCriteriaId": "1DE43C00-5967-44A1-ACEB-B7AF66EEBB53", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc4:*:*:*:*:*:*", "matchCriteriaId": "B33B5E4B-FCB3-4343-B992-F0ADB853754B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc5:*:*:*:*:*:*", "matchCriteriaId": "D7295BBE-A9E3-44F6-9DD6-0FD6C2591E11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc6:*:*:*:*:*:*", "matchCriteriaId": "B220EA3F-55B3-4B6E-8285-B28ADEF50138", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem."}, {"lang": "es", "value": "La funci\u00f3n futex_lock_pi en kernel/futex.c en el kernel de Linux anterior a 2.6.33-rc7 no maneja adecuadamente determinadas cuentas de referencia, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (OOPS) a trav\u00e9s de vectores que involucran el desmontado del sistema de ficheros ext3."}], "id": "CVE-2010-0623", "lastModified": "2023-11-07T02:05:07.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-02-15T18:30:00.830", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "http://bugzilla.kernel.org/show_bug.cgi?id=14256"}, {"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5ecb01cfdf96c5f465192bdb2a4fd4a61a24c6cc"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/38922"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc7"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/02/11/2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-914-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0638"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. This security issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG, as they do not include the upstream change that introduced this flaw.", "lastModified": "2010-03-12T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: local DoS via futex_lock_pi", "id": "566023", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566023"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "status": "draft"}, "details": ["The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem."], "name": "CVE-2010-0623", "public_date": "2010-02-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-0623\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-0623"], "statement": "Not vulnerable. This security issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG, as they do not include the upstream change that introduced this flaw.", "threat_severity": "Low"}