CVE - CVE-2010-4668

CVE-ID
CVE-2010-4668	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4163.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:45660 URL:http://www.securityfocus.com/bid/45660 CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5478755616ae2ef1ce144dded589b62b2a50d575 CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc7 CONFIRM:https://patchwork.kernel.org/patch/363282/ MLIST:[linux-kernel] 20101129 Re: [PATCH] block: check for proper length of iov entries earlier in blk_rq_map_user_iov() URL:http://lkml.org/lkml/2010/11/29/70 MLIST:[linux-kernel] 20101129 [PATCH] block: check for proper length of iov entries earlier in blk_rq_map_user_iov() URL:http://lkml.org/lkml/2010/11/29/68 MLIST:[oss-security] 20101129 Re: CVE request: kernel: Multiple DoS issues in block layer URL:http://openwall.com/lists/oss-security/2010/11/29/1 MLIST:[oss-security] 20101130 Re: CVE request: kernel: Multiple DoS issues in block layer URL:http://openwall.com/lists/oss-security/2010/11/30/4 MLIST:[oss-security] 20101130 Re: CVE request: kernel: Multiple DoS issues in block layer URL:http://openwall.com/lists/oss-security/2010/11/30/7 REDHAT:RHSA-2011:0007 URL:http://www.redhat.com/support/errata/RHSA-2011-0007.html SECUNIA:42890 URL:http://secunia.com/advisories/42890 XF:linux-blkrqmapuseriov-dos(64496) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64496
Assigning CNA
MITRE Corporation
Date Record Created
20110103	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110103)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)