{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-28T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa2755e20ab0c7215d99c2dc7c262e98a09b01df"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/fa2755e20ab0c7215d99c2dc7c262e98a09b01df"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/f20011457f41c11edb5ea5038ad0c8ea9f392023"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ftp.naist.jp/pub/linux/kernel/v2.6/ChangeLog-2.6.35"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f106eee10038c2ee5b6056aaf3f6d5229be6dcdd"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f20011457f41c11edb5ea5038ad0c8ea9f392023"}, {"name": "[oss-security] 20170120 Re: CVE REQUEST: linux kernel: process with pgid zero able to crash", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/01/21/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/f106eee10038c2ee5b6056aaf3f6d5229be6dcdd"}, {"name": "97103", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97103"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358840"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-5328", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa2755e20ab0c7215d99c2dc7c262e98a09b01df", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa2755e20ab0c7215d99c2dc7c262e98a09b01df"}, {"name": "https://github.com/torvalds/linux/commit/fa2755e20ab0c7215d99c2dc7c262e98a09b01df", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/fa2755e20ab0c7215d99c2dc7c262e98a09b01df"}, {"name": "https://github.com/torvalds/linux/commit/f20011457f41c11edb5ea5038ad0c8ea9f392023", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/f20011457f41c11edb5ea5038ad0c8ea9f392023"}, {"name": "http://ftp.naist.jp/pub/linux/kernel/v2.6/ChangeLog-2.6.35", "refsource": "CONFIRM", "url": "http://ftp.naist.jp/pub/linux/kernel/v2.6/ChangeLog-2.6.35"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f106eee10038c2ee5b6056aaf3f6d5229be6dcdd", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f106eee10038c2ee5b6056aaf3f6d5229be6dcdd"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f20011457f41c11edb5ea5038ad0c8ea9f392023", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f20011457f41c11edb5ea5038ad0c8ea9f392023"}, {"name": "[oss-security] 20170120 Re: CVE REQUEST: linux kernel: process with pgid zero able to crash", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/21/2"}, {"name": "https://github.com/torvalds/linux/commit/f106eee10038c2ee5b6056aaf3f6d5229be6dcdd", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/f106eee10038c2ee5b6056aaf3f6d5229be6dcdd"}, {"name": "97103", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97103"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358840", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358840"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:17:10.194Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa2755e20ab0c7215d99c2dc7c262e98a09b01df"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/fa2755e20ab0c7215d99c2dc7c262e98a09b01df"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/f20011457f41c11edb5ea5038ad0c8ea9f392023"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ftp.naist.jp/pub/linux/kernel/v2.6/ChangeLog-2.6.35"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f106eee10038c2ee5b6056aaf3f6d5229be6dcdd"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f20011457f41c11edb5ea5038ad0c8ea9f392023"}, {"name": "[oss-security] 20170120 Re: CVE REQUEST: linux kernel: process with pgid zero able to crash", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/01/21/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/f106eee10038c2ee5b6056aaf3f6d5229be6dcdd"}, {"name": "97103", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97103"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358840"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-5328", "datePublished": "2017-02-06T06:04:00", "dateReserved": "2017-01-20T00:00:00", "dateUpdated": "2024-08-07T04:17:10.194Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A17F021-CEC3-4408-ACD2-EE71A3BC67F7", "versionEndIncluding": "2.6.34.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group."}, {"lang": "es", "value": "include/linux/init_task.h en el kernel de Linux en versiones anteriores a 2.6.35 no impide que las se\u00f1ales con un ID de grupo de proceso de cero alcancen el proceso swapper, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema) aprovechando el acceso a este grupo de procesos."}], "id": "CVE-2010-5328", "lastModified": "2017-03-29T01:59:00.203", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-06T06:59:00.137", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://ftp.naist.jp/pub/linux/kernel/v2.6/ChangeLog-2.6.35"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f106eee10038c2ee5b6056aaf3f6d5229be6dcdd"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f20011457f41c11edb5ea5038ad0c8ea9f392023"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa2755e20ab0c7215d99c2dc7c262e98a09b01df"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/01/21/2"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/97103"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358840"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/f106eee10038c2ee5b6056aaf3f6d5229be6dcdd"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/f20011457f41c11edb5ea5038ad0c8ea9f392023"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/fa2755e20ab0c7215d99c2dc7c262e98a09b01df"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Processes having the same group as `init` can crash kernel", "id": "1358840", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358840"}, "csaw": false, "cvss": {"cvss_base_score": "4.7", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "status": "draft"}, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-456", "details": ["include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group.", "A process that is in the same process group as the ''init'' process (group id zero) can crash the Linux kernel with several system calls by passing in a process ID or process group ID of zero; a special value that indicates the current process ID or process group."], "name": "CVE-2010-5328", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2010-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-5328\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-5328"], "statement": "This flaw affects Red Hat Enteprise Linux 5 and 6 and is not able to be exploited in the default configuration. Administrators would need to replace the init daemon with alternative systems to exploit this system crash correctly.\nNo update is planned to be released for this flaw.", "threat_severity": "Low"}