CVE-2010-4707 — Vulnetix

Try Vulnetix Request Demo

CVE-2010-4707 PUBLISHED

The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.

EPSS 0.10% · 26.4th percentile

Risk Scores

EPSS Score

0.10%

26.4th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

Timeline

Sep 16, 2010 PoC Published
Jan 24, 2011 CVE Published
Sep 6, 2015 PoC Published
Oct 9, 2020 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Aug 31, 2022 PoC Published
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10661 advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10657 advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10658 advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10659 advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10660 advisory
http://www.vmware.com/security/advisories/VMSA-2010-0017.html url
http://isc.sans.edu/diary.html?storyid=9574 url
ADV-2010-3083 vdb
ADV-2010-3117 vdb
http://sota.gen.nz/compat1/ url
MDVSA-2010:198 vendor-advisory
https://access.redhat.com/kb/docs/DOC-40265 url
20101130 VMSA-2010-0017 VMware ESX third party update for Service Console kerne mailing-list
42384 third-party-advisory
20100916 Workaround for Ac1db1tch3z exploit. mailing-list
SUSE-SA:2011:007 vendor-advisory
RHSA-2010:0842 vendor-advisory
MDVSA-2010:247 vendor-advisory
ADV-2011-0298 vdb
RHSA-2010:0882 vendor-advisory

…and 13 more

Open in Interactive Console →