{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-12-10T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "SUSE-SA:2011:004", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html"}, {"name": "42778", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42778"}, {"name": "USN-1000-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1000-1"}, {"name": "42801", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42801"}, {"name": "43551", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/43551"}, {"name": "SUSE-SA:2011:002", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=638085"}, {"name": "SUSE-SA:2011:001", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"}, {"name": "42932", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42932"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc6"}, {"name": "15150", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/15150/"}, {"name": "[oss-security] 20100928 CVE request - kernel: pktcdvd ioctl dev_minor missing range check", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/09/28/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=252a52aa4fa22a668f019e55b3aac3ff71ec1c29"}, {"name": "ADV-2011-0124", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0124"}, {"name": "SUSE-SA:2011:007", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"}, {"name": "SUSE-SA:2010:060", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"}, {"name": "RHSA-2010:0842", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html"}, {"name": "ADV-2011-0298", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0298"}, {"name": "MDVSA-2011:051", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"}, {"name": "[oss-security] 20100928 Re: CVE request - kernel: pktcdvd ioctl dev_minor missing range check", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/09/28/6"}, {"tags": ["x_refsource_MISC"], "url": "http://jon.oberheide.org/files/cve-2010-3437.c"}, {"name": "ADV-2011-0012", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0012"}, {"name": "MDVSA-2011:029", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"}, {"name": "DSA-2126", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2126"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:11:43.945Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SA:2011:004", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html"}, {"name": "42778", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42778"}, {"name": "USN-1000-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1000-1"}, {"name": "42801", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42801"}, {"name": "43551", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/43551"}, {"name": "SUSE-SA:2011:002", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=638085"}, {"name": "SUSE-SA:2011:001", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"}, {"name": "42932", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42932"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc6"}, {"name": "15150", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/15150/"}, {"name": "[oss-security] 20100928 CVE request - kernel: pktcdvd ioctl dev_minor missing range check", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/09/28/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=252a52aa4fa22a668f019e55b3aac3ff71ec1c29"}, {"name": "ADV-2011-0124", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0124"}, {"name": "SUSE-SA:2011:007", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"}, {"name": "SUSE-SA:2010:060", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"}, {"name": "RHSA-2010:0842", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html"}, {"name": "ADV-2011-0298", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0298"}, {"name": "MDVSA-2011:051", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"}, {"name": "[oss-security] 20100928 Re: CVE request - kernel: pktcdvd ioctl dev_minor missing range check", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/09/28/6"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://jon.oberheide.org/files/cve-2010-3437.c"}, {"name": "ADV-2011-0012", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0012"}, {"name": "MDVSA-2011:029", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"}, {"name": "DSA-2126", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2126"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-3437", "datePublished": "2010-10-04T20:00:00", "dateReserved": "2010-09-17T00:00:00", "dateUpdated": "2024-08-07T03:11:43.945Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8DCE5E2-B055-4F05-8F0F-F19D1B7BA8D7", "versionEndExcluding": "2.6.36", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*", "matchCriteriaId": "D4407EF9-4ECF-408F-9ECB-0705E3FB65D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*", "matchCriteriaId": "DBE26099-6D2C-4FAF-B15C-CBF985D59171", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc2:*:*:*:*:*:*", "matchCriteriaId": "F2C193FF-3723-4BE9-8787-DED7D455FA8F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc3:*:*:*:*:*:*", "matchCriteriaId": "F874FE6A-968D-47E1-900A-E154E41EDAF8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc4:*:*:*:*:*:*", "matchCriteriaId": "14B7B8AE-CE83-4F0E-9138-6F165D97C19F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc5:*:*:*:*:*:*", "matchCriteriaId": "B434ACFB-2B01-491A-B2E5-40FA0E11B3B1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "640FB29C-1A84-41E1-86DE-B542EA0EF153", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "3DB8A616-865B-4E70-BA2E-BE5F0BA7A351", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call."}, {"lang": "es", "value": "Error de presencia de signo en entero en la funci\u00f3n pkt_find_dev_from_minor de drivers/block/pktcdvd.c del kernl de Linux en versiones anteriores a la 2.6.36-rc6 permite a usuarios locales obtener informaci\u00f3n confidencial de la memoria del kernel o provocar una denegaci\u00f3n de servicio (resoluci\u00f3n de referencia a puntero inv\u00e1lido y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un valor de \u00edndice modificado en una llamada ioctl PKT_CTRL_CMD_STATUS."}], "id": "CVE-2010-3437", "lastModified": "2023-02-13T04:24:34.703", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-10-04T21:00:04.877", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=252a52aa4fa22a668f019e55b3aac3ff71ec1c29"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "http://jon.oberheide.org/files/cve-2010-3437.c"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42778"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42801"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42932"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2010/dsa-2126"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.exploit-db.com/exploits/15150/"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc6"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/09/28/2"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/09/28/6"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/43551"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1000-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0012"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0124"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0298"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=638085"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Dan Rosenberg for reporting this issue.", "affected_release": [{"advisory": "RHSA-2010:0842", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-71.7.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2010-11-10T00:00:00Z"}], "bugzilla": {"description": "kernel: pktcdvd ioctl dev_minor missing range check", "id": "638085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=638085"}, "csaw": false, "cvss": {"cvss_base_score": "4.7", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "status": "verified"}, "details": ["Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call."], "name": "CVE-2010-3437", "public_date": "2010-09-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-3437\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-3437"], "statement": "The Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4 did not include support for Packet writing layer for ATAPI and SCSI disc media devices, and therefore are not affected by this issue. The Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG only allow root access to the \"/dev/pktcdvd/control\" file, and therefore are also not affected by this issue.", "threat_severity": "Moderate"}