CVE - CVE-2010-3081

CVE-ID
CVE-2010-3081	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:20100916 Ac1db1tch3z vs x86_64 Linux Kernel URL:http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0273.html MISC:20100916 Workaround for Ac1db1tch3z exploit. URL:http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0278.html MISC:20101130 VMSA-2010-0017 VMware ESX third party update for Service Console kerne URL:http://www.securityfocus.com/archive/1/514938/30/30/threaded MISC:20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX URL:http://www.securityfocus.com/archive/1/516397/100/0/threaded MISC:42384 URL:http://secunia.com/advisories/42384 MISC:43315 URL:http://secunia.com/advisories/43315 MISC:ADV-2010-3083 URL:~~http://www.vupen.com/english/advisories/2010/3083~~ (Obsolete source) MISC:ADV-2010-3117 URL:~~http://www.vupen.com/english/advisories/2010/3117~~ (Obsolete source) MISC:ADV-2011-0298 URL:~~http://www.vupen.com/english/advisories/2011/0298~~ (Obsolete source) MISC:MDVSA-2010:198 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:198~~ (Obsolete source) MISC:MDVSA-2010:214 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:214~~ (Obsolete source) MISC:MDVSA-2010:247 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:247~~ (Obsolete source) MISC:RHSA-2010:0758 URL:http://www.redhat.com/support/errata/RHSA-2010-0758.html MISC:RHSA-2010:0842 URL:http://www.redhat.com/support/errata/RHSA-2010-0842.html MISC:RHSA-2010:0882 URL:http://www.redhat.com/support/errata/RHSA-2010-0882.html MISC:SUSE-SA:2010:050 URL:http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html MISC:SUSE-SA:2011:007 URL:http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html MISC:SUSE-SR:2010:017 URL:http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html MISC:[oss-security] 20100916 CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow URL:http://marc.info/?l=oss-security&m=128461522230211&w=2 MISC:http://blog.ksplice.com/2010/09/cve-2010-3081/ URL:http://blog.ksplice.com/2010/09/cve-2010-3081/ MISC:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c41d68a513c71e35a14f66d71782d27a79a81ea6 URL:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c41d68a513c71e35a14f66d71782d27a79a81ea6 MISC:http://isc.sans.edu/diary.html?storyid=9574 URL:http://isc.sans.edu/diary.html?storyid=9574 MISC:http://sota.gen.nz/compat1/ URL:http://sota.gen.nz/compat1/ MISC:http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.36-rc4-git2.log URL:http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.36-rc4-git2.log MISC:http://www.vmware.com/security/advisories/VMSA-2010-0017.html URL:http://www.vmware.com/security/advisories/VMSA-2010-0017.html MISC:http://www.vmware.com/security/advisories/VMSA-2011-0003.html URL:http://www.vmware.com/security/advisories/VMSA-2011-0003.html MISC:https://access.redhat.com/kb/docs/DOC-40265 URL:https://access.redhat.com/kb/docs/DOC-40265 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=634457 URL:https://bugzilla.redhat.com/show_bug.cgi?id=634457
Assigning CNA
Red Hat, Inc.
Date Record Created
20100820	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100820)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)