CVE Database


Impact: Moderate
Public: 2010-11-08
Bugzilla: 651147: CVE-2010-4157 kernel: gdth: integer overflow in ioc_general()
IAVA: 2011-A-0147


The MITRE CVE dictionary describes this issue as:

Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call.

Find out more about CVE-2010-4157 from the MITRE CVE dictionary and NIST NVD.


The Linux kernel as shipped with Red Hat Enterprise Linux 3 did not include the vulnerable code, and therefore is not affected by this issue. Future kernel updates in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG may address this flaw.

CVSS v2 metrics

Base Score: 6
Base Metrics: AV:L/AC:H/Au:S/C:C/I:C/A:C
Access Vector: Local
Access Complexity: High
Authentication: Single Instance
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform Errata Release Date
MRG Grid for RHEL 5 Server (kernel-rt) RHSA-2010:0958 December 08, 2010
Red Hat Enterprise Linux version 4 (kernel) RHSA-2011:0162 January 18, 2011
Red Hat Enterprise Linux version 5 (kernel) RHSA-2011:0004 January 04, 2011

External References

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.