#VU92617 Improper control of generation of code ('code injection') in Linux kernel - CVE-2010-2240

Cybersecurity Help s.r.o.

Published: 2010-09-03 | Updated: 2023-02-13

Vulnerability identifier: #VU92617

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2010-2240

CWE-ID: CWE-94

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper control of generation of code ('code injection') error. A local user can execute arbitrary code.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19
https://bugzilla.redhat.com/show_bug.cgi?id=606611
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2
https://rhn.redhat.com/errata/RHSA-2010-0661.html
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.4
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52
https://securitytracker.com/id?1024344
https://www.mandriva.com/security/advisories?name=MDVSA-2010:172
https://www.debian.org/security/2010/dsa-2094
https://www.redhat.com/support/errata/RHSA-2010-0660.html
https://www.redhat.com/support/errata/RHSA-2010-0670.html
https://www.mandriva.com/security/advisories?name=MDVSA-2010:198
https://www.redhat.com/support/errata/RHSA-2010-0882.html
https://www.vmware.com/security/advisories/VMSA-2011-0007.html
https://lists.vmware.com/pipermail/security-announce/2011/000133.html
https://www.vmware.com/security/advisories/VMSA-2011-0009.html
https://www.mandriva.com/security/advisories?name=MDVSA-2011:051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13247
https://www.securityfocus.com/archive/1/517739/100/0/threaded
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=320b2b8de12698082609ebbc1a17165727f4c893

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper control of generation of code ('code injection') in Linux kernel