CVE-2010-4157

Impact: Moderate
Public Date: 2010-11-08
IAVA: 2011-A-0147
CWE: CWE-190
Bugzilla: 651147: CVE-2010-4157 kernel: gdth: integer overflow in ioc_general()

The MITRE CVE dictionary describes this issue as:

Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call.

Find out more about CVE-2010-4157 from the MITRE CVE dictionary and NIST NVD.

Statement

The Linux kernel as shipped with Red Hat Enterprise Linux 3 did not include the vulnerable code, and therefore is not affected by this issue. Future kernel updates in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG may address this flaw.

CVSS v2 metrics

Base Score: 6
Base Metrics: AV:L/AC:H/Au:S/C:C/I:C/A:C
Access Vector: Local
Access Complexity: High
Authentication: Single
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform | Errata | Release Date
MRG Grid for RHEL 5 Server (kernel-rt) | RHSA-2010:0958 | 2010-12-08
Red Hat Enterprise Linux 4 (kernel) | RHSA-2011:0162 | 2011-01-18
Red Hat Enterprise Linux 5 (kernel) | RHSA-2011:0004 | 2011-01-04

CVE description copyright © 2017, The MITRE Corporation