CVE-2010-3301 — Vulnetix

CVE-2010-3301 PUBLISHED

Reported by redhat · Published September 22, 2010

The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a, n/a

Exploit Intelligence

https://bugzilla.redhat.com/show_bug.cgi?id=634449 (nist-nvd)
Linux_Exploit_CVE_2010_3301.yar (github-yara)
Linux_Exploit_CVE_2010_3301.yar (github-yara)
Linux_Exploit_CVE_2010_3301.yar (github-yara)

Timeline

Sep 22, 2010 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Jul 29, 2022 PoC Published
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 17, 2023 EPSS Score

References

[oss-security] 20100916 Re: CVE-2010-3301 kernel: IA32 System Call Entry Point Vulnerability mailing-listx_refsource_MLIST
[oss-security] 20100916 CVE-2010-3301 kernel: IA32 System Call Entry Point Vulnerability mailing-listx_refsource_MLIST
ADV-2010-3117 vdb-entryx_refsource_VUPEN
x_refsource_CONFIRM
MDVSA-2010:198 vendor-advisoryx_refsource_MANDRIVA
x_refsource_MISC
USN-1041-1 vendor-advisoryx_refsource_UBUNTU
SUSE-SA:2011:007 vendor-advisoryx_refsource_SUSE
RHSA-2010:0842 vendor-advisoryx_refsource_REDHAT
MDVSA-2010:247 vendor-advisoryx_refsource_MANDRIVA
ADV-2011-0298 vdb-entryx_refsource_VUPEN
x_refsource_CONFIRM
42758 third-party-advisoryx_refsource_SECUNIA
SUSE-SR:2010:017 vendor-advisoryx_refsource_SUSE
x_refsource_CONFIRM
ADV-2011-0070 vdb-entryx_refsource_VUPEN
x_refsource_CONFIRM

Open in Interactive Console →