{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the ability to operate a CUSE server."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2012-06-21T23:00:00Z"}, "references": [{"name": "[oss-security] 20110106 Re: CVE Request: kernel [Re: Security review of 2.6.32.28]", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/01/06/18"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/7572777eef78ebdee1ecb7c258c0ef94d35bad16"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7572777eef78ebdee1ecb7c258c0ef94d35bad16"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667892"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:51:17.964Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110106 Re: CVE Request: kernel [Re: Security review of 2.6.32.28]", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/01/06/18"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/7572777eef78ebdee1ecb7c258c0ef94d35bad16"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7572777eef78ebdee1ecb7c258c0ef94d35bad16"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667892"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4650", "state": "PUBLISHED", "dateReserved": "2011-01-03T00:00:00Z", "datePublished": "2012-06-21T23:00:00Z", "dateUpdated": "2024-08-07T03:51:17.964Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C03086A2-8EEE-40E3-9A7F-A5303FBF0472", "versionEndIncluding": "2.6.36.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36.1:*:*:*:*:*:*:*", "matchCriteriaId": "907A3F7F-B11D-4CF1-A1B2-A28BBEBF03C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36.2:*:*:*:*:*:*:*", "matchCriteriaId": "EE4657B8-B691-4833-8546-220AD2BA8A7D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2455F37-66D8-4BE1-8739-1A20A2E5375D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the ability to operate a CUSE server."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la funci\u00f3n fuse_do_ioctl en fs/fusible/file.c en versiones del kernel de Linux anteriores a v2.6.37 permite a usuarios locales provocar una denegaci\u00f3n de servicio o posiblemente tener un impacto no especificado mediante el aprovechamiento de la capacidad de operar un servidor CUSE."}], "id": "CVE-2010-4650", "lastModified": "2023-02-13T03:21:31.763", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-21T23:55:01.740", "references": [{"source": "secalert@redhat.com", "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"}, {"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7572777eef78ebdee1ecb7c258c0ef94d35bad16"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/01/06/18"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667892"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/torvalds/linux/commit/7572777eef78ebdee1ecb7c258c0ef94d35bad16"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: fuse: verify ioctl retries", "id": "667892", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667892"}, "csaw": false, "cvss": {"cvss_base_score": "4.0", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "status": "draft"}, "details": ["Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the ability to operate a CUSE server."], "name": "CVE-2010-4650", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2010-11-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-4650\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-4650"], "statement": "This issue did not affect the versions of Linux kernel as shipped with Red\nHat Enterprise Linux 4 and 5 as they did not backport the upstream commit\n59efec7b that introduced this issue. It did not affect the version of Linux\nkernel as shipped with Red hat Enterprise MRG as it did not provide support\nfor Character device in Userspace (CUSE). A future kernel update in Red Hat\nEnterprise Linux 6 may address this flaw. Note that, by default, the\n\"/dev/cuse\" file in Red Hat Enterprise Linux 6 is only accessible by the\nroot user."}