CVE-2010-2960
PUBLISHED
CVSS 7.8 HIGH
The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function.
EPSS 0.10% · 27.3th percentile
Risk Scores
CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| suse | suse_linux_enterprise_server | 11 |
| linux | linux_kernel | 0 |
| canonical | ubuntu_linux | 8.04, 9.10, 10.04 |
| suse | suse_linux_enterprise_desktop | 11 |
Exploit Intelligence
- USN-1000-1 (circl)
- [oss-security] 20100902 CVE-2010-2960 kernel: keyctl_session_to_parent null ptr deref (circl)
- linux-kernel-keyctl-dos(61557) (circl)
- 42932 (circl)
- SUSE-SA:2011:007 (circl)
- ADV-2011-0298 (circl)
- 41263 (circl)
- SUSE-SA:2010:050 (circl)
- http://twitter.com/taviso/statuses/22777866582 (circl)
- 1024384 (circl)
Timeline
- Sep 8, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- USN-1000-1 vendor-advisory
- [oss-security] 20100902 CVE-2010-2960 kernel: keyctl_session_to_parent null ptr deref mailing-list
- linux-kernel-keyctl-dos(61557) vdb
- 42932 vdb
- SUSE-SA:2011:007 vendor-advisory
- ADV-2011-0298 vdb
- 41263 third-party-advisory
- SUSE-SA:2010:050 vendor-advisory
- http://twitter.com/taviso/statuses/22777866582 url
- 1024384 vdb
- https://bugzilla.redhat.com/show_bug.cgi?id=627440 url
- https://nvd.nist.gov/vuln/detail/CVE-2010-2960 advisory