CVE-2010-2537 — Vulnetix

Try Vulnetix Request Demo

CVE-2010-2537 PUBLISHED CVSS 7.099999904632568 HIGH

The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor.

EPSS 0.09% · 25.6th percentile

Risk Scores

CVSS v3.1

7.099999904632568

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS Score

0.09%

25.6th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	0
suse	suse_linux_enterprise_server	11
n/a	n/a	n/a
suse	suse_linux_enterprise_desktop	11
canonical	ubuntu_linux	10.04, 10.10, 9.10
suse	linux_enterprise_high_availability_extension	11

Timeline

Sep 30, 2010 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

USN-1041-1 vendor-advisory
[oss-security] 20100721 Re: CVE request: kernel: btrfs mailing-list
SUSE-SA:2010:040 vendor-advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 url
42758 third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=616998 url
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2ebc3464781ad24474abcbd2274e6254689853b5 url
ADV-2011-0070 vdb
[oss-security] 20100721 CVE request: kernel: btrfs mailing-list
41847 vdb
https://nvd.nist.gov/vuln/detail/CVE-2010-2537 advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5 url

Open in Interactive Console →