CVE-2010-2946 — Vulnetix

Try Vulnetix Request Demo

CVE-2010-2946 PUBLISHED CVSS 2.0999999046325684 LOW

fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name.

EPSS 0.04% · 10.4th percentile

Risk Scores

CVSS v2.0

2.0999999046325684

EPSS Score

0.04%

10.4th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
canonical	ubuntu_linux	6.06, 8.04, 9.04
linux	linux_kernel	0

Timeline

Sep 29, 2010 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

USN-1000-1 vendor-advisory
[oss-security] 20100820 Re: CVE request - kernel: jfs: don't allow os2 xattr namespace overlap with others mailing-list
SUSE-SA:2010:040 vendor-advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=aca0fa34bdaba39bfddddba8ca70dba4782e8fe6 url
SUSE-SA:2011:007 vendor-advisory
SUSE-SA:2010:060 vendor-advisory
ADV-2011-0298 vdb
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.51 url
MDVSA-2011:051 vendor-advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2 url
42589 vdb
ADV-2011-0375 vdb
[oss-security] 20100820 CVE request - kernel: jfs: don't allow os2 xattr namespace overlap with others mailing-list
SUSE-SA:2011:008 vendor-advisory
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.10 url
43291 third-party-advisory
41321 third-party-advisory
SUSE-SA:2010:054 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2010-2946 advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=aca0fa34bdaba39bfddddba8ca70dba4782e8fe6 url

Open in Interactive Console →