CVE-2010-5331 - OpenCVE

In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem. NOTE: At least one Linux maintainer believes that this CVE is incorrectly assigned and should be rejected because the value is hard coded and are not user-controllable where it is used

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-5331
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0031c41be5c529f8329e327b63cde92ba1284842
https://github.com/torvalds/linux/commit/0031c41be5c529f8329e327b63cde92ba1284842
https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34
https://nvd.nist.gov/vuln/detail/CVE-2010-5331
https://support.f5.com/csp/article/K33183814?utm_source=f5support&amp%3Butm_medium=RSS
https://www.cve.org/CVERecord?id=CVE-2010-5331

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-27T21:38:21

Updated: 2024-08-07T04:17:10.427Z

Reserved: 2019-07-27T00:00:00

Link: CVE-2010-5331

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-27T22:15:11.090

Modified: 2024-08-07T05:16:09.660

Link: CVE-2010-5331

Redhat

Severity : Moderate

Publid Date: 2019-07-27T00:00:00Z

Links: CVE-2010-5331 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem. NOTE: At least one Linux maintainer believes that this CVE is incorrectly assigned and should be rejected because the value is hard coded and are not user-controllable where it is used"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-20T16:17:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/0031c41be5c529f8329e327b63cde92ba1284842"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0031c41be5c529f8329e327b63cde92ba1284842"}, {"tags": ["x_refsource_MISC"], "url": "https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K33183814?utm_source=f5support&amp%3Butm_medium=RSS"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-5331"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-5331", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem. NOTE: At least one Linux maintainer believes that this CVE is incorrectly assigned and should be rejected because the value is hard coded and are not user-controllable where it is used."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/torvalds/linux/commit/0031c41be5c529f8329e327b63cde92ba1284842", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/0031c41be5c529f8329e327b63cde92ba1284842"}, {"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0031c41be5c529f8329e327b63cde92ba1284842", "refsource": "MISC", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0031c41be5c529f8329e327b63cde92ba1284842"}, {"name": "https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34", "refsource": "MISC", "url": "https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"}, {"name": "https://support.f5.com/csp/article/K33183814?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K33183814?utm_source=f5support&utm_medium=RSS"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-5331", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-5331"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:17:10.427Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/0031c41be5c529f8329e327b63cde92ba1284842"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0031c41be5c529f8329e327b63cde92ba1284842"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K33183814?utm_source=f5support&amp%3Butm_medium=RSS"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-5331"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-5331", "datePublished": "2019-07-27T21:38:21", "dateReserved": "2019-07-27T00:00:00", "dateUpdated": "2024-08-07T04:17:10.427Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BA10979-D59C-4A33-ACC8-A110A5ACFF74", "versionEndExcluding": "2.6.34", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem. NOTE: At least one Linux maintainer believes that this CVE is incorrectly assigned and should be rejected because the value is hard coded and are not user-controllable where it is used"}, {"lang": "es", "value": "** EN DISPUTA ** En el kernel de Linux anterior a la versi\u00f3n 2.6.34, un problema de verificaci\u00f3n de rango en drivers / gpu / drm / radeon / atombios.c podr\u00eda causar un problema de apagado por uno (desbordamiento del b\u00fafer). NOTA: Al menos un mantenedor de Linux cree que este CVE est\u00e1 asignado incorrectamente y debe rechazarse porque el valor est\u00e1 codificado y no es controlable por el usuario donde se usa."}], "id": "CVE-2010-5331", "lastModified": "2024-08-07T05:16:09.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-27T22:15:11.090", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-5331"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0031c41be5c529f8329e327b63cde92ba1284842"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/torvalds/linux/commit/0031c41be5c529f8329e327b63cde92ba1284842"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"}, {"source": "cve@mitre.org", "url": "https://support.f5.com/csp/article/K33183814?utm_source=f5support&amp%3Butm_medium=RSS"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-193"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: range check issue in drivers/gpu/drm/radeon/atombios.c leads to buffer overflow", "id": "1743598", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743598"}, "csaw": false, "cvss3": {"cvss3_base_score": "0.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "status": "draft"}, "cwe": "CWE-193->CWE-120", "details": ["In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem. NOTE: At least one Linux maintainer believes that this CVE is incorrectly assigned and should be rejected because the value is hard coded and are not user-controllable where it is used", "A vulnerability was found in the Linux kernel where a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one buffer overflow problem. It has been determined that this flaw is cannot be influenced by an attacker."], "name": "CVE-2010-5331", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise MRG 2"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2019-07-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-5331\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-5331"], "statement": "Red Hat will not be fixing this flaw as it has been analyzed as not affecting any version of Linux.", "threat_severity": "Moderate"}