CVE-2010-1643 — Vulnetix

CVE-2010-1643 PUBLISHED CVSS 6.900000095367432 MEDIUM

mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors.

EPSS 0.05% · 17.0th percentile

Risk Scores

CVSS 2.0

6.900000095367432

EPSS Score

0.05%

17.0th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	*
linux	linux_kernel	0, 2.6.0, 2.6.1

Exploit Intelligence

…and 2 more exploits

Timeline

Jun 3, 2010 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

[oss-security] 20100526 Re: CVE request - kernel: nfsd: fix vm overcommit crash mailing-list
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=731572d39fcd3498702eda4600db4c43d51e0b26 url
[oss-security] 20100526 CVE request - kernel: nfsd: fix vm overcommit crash mailing-list
SUSE-SA:2010:031 vendor-advisory
MDVSA-2010:198 vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=595970 url
http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.28/ChangeLog-2.6.28-rc3 url
40645 third-party-advisory
linux-kernel-knfsd-dos(58957) vdb
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-knfsd-9666 url
40377 vdb
ADV-2010-1857 vdb
https://nvd.nist.gov/vuln/detail/CVE-2010-1643 advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=731572d39fcd3498702eda4600db4c43d51e0b26 url

Open in Interactive Console →