VDB
CVE-2010-1146
CVE-2010-1146
PUBLISHED
CVSS 6.900000095367432 MEDIUM
The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/.
EPSS 0.13% · 32.3th percentile
Risk Scores
CVSS 2.0
6.900000095367432
EPSS Score
0.13%
32.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| linux | linux_kernel | 0 |
Exploit Intelligence
- CIRCL confirmed: CVE-2010-1146 (circl-sighting)
- 39316 (circl)
- 12130 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=568041 (circl)
- 63601 (circl)
- 39344 (circl)
- [linux-kernel] 20100408 [PATCH #3] reiserfs: Fix permissions on .reiserfs_priv (circl)
- kernel-reiserfs-privilege-escalation(57782) (circl)
Timeline
- Apr 9, 2010 PoC Published
- Apr 12, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- 39316 third-party-advisory
- 12130 exploit
- https://bugzilla.redhat.com/show_bug.cgi?id=568041 url
- 63601 vdb
- 39344 vdb
- [linux-kernel] 20100408 [PATCH #3] reiserfs: Fix permissions on .reiserfs_priv mailing-list
- kernel-reiserfs-privilege-escalation(57782) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2010-1146 advisory