Vulnerability Description
The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 2.6.35 |
| Suse | Linux Enterprise Desktop | 10 |
| Suse | Linux Enterprise Server | 10 |
| Suse | Linux Enterprise Software Development Kit | 10 |
| Debian | Debian Linux | 5.0 |
| Canonical | Ubuntu Linux | 6.06 |
Related Weaknesses (CWE)
References
- http://archives.free.net.ph/message/20100616.130710.301704aa.en.htmlBroken Link
- http://archives.free.net.ph/message/20100616.135735.40f53a32.en.htmlBroken Link
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing ListThird Party Advisory
- http://marc.info/?l=oss-security&m=127677135609357&w=2Third Party Advisory
- http://marc.info/?l=oss-security&m=127687486331790&w=2Third Party Advisory
- http://secunia.com/advisories/43315Third Party Advisory
- http://www.debian.org/security/2010/dsa-2094Third Party Advisory
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35Broken Link
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:198Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2010-0610.htmlThird Party Advisory
- http://www.securityfocus.com/archive/1/516397/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/40920Third Party AdvisoryVDB Entry
- http://www.ubuntu.com/usn/USN-1000-1Third Party Advisory
FAQ
What is CVE-2010-2226?
CVE-2010-2226 is a vulnerability with a CVSS score of 2.1 (LOW). The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write ac...
How severe is CVE-2010-2226?
CVE-2010-2226 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2226?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit, Debian Debian Linux.