CVE-2010-4162 — MEDIUM (4.7)

Q: What is CVE-2010-4162?

CVE-2010-4162 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device.

Q: How severe is CVE-2010-4162?

CVE-2010-4162 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-4162?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Real Time Extension.

Vulnerability Description

Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device.

CVSS Score

4.7

MEDIUM

AV:L/AC:M/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.36.2
Fedoraproject	Fedora	13
Opensuse	Opensuse	11.2
Suse	Linux Enterprise Desktop	10
Suse	Linux Enterprise Real Time Extension	11
Suse	Linux Enterprise Server	10
Suse	Linux Enterprise Software Development Kit	10

Related Weaknesses (CWE)

CWE-190

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.hThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2010/11/10/18Mailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2010/11/12/2Mailing ListThird Party Advisory
http://secunia.com/advisories/42745Third Party Advisory
http://secunia.com/advisories/42778Third Party Advisory
http://secunia.com/advisories/42801Third Party Advisory
http://secunia.com/advisories/42890Third Party Advisory
http://secunia.com/advisories/42932Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2Broken Link

FAQ

What is CVE-2010-4162?

CVE-2010-4162 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device.

How severe is CVE-2010-4162?

CVE-2010-4162 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-4162?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Real Time Extension.