CVE-2010-4258
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2010-4258 from the MITRE CVE dictionary and NIST NVD.
Statement
The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG enabled the panic_on_oops sysctl tunable by default, and is therefore not affected by this issue. However, as a preventive measure (for example, for administrators who have turned panic_on_oops off), this issue was fixed in kernel updates in Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. Because the fix was considered a preventive measure, this CVE is not listed in the related advisories that provided the fix: RHSA-2011:0162, RHSA-2011:0263, RHSA-2011:0017, RHSA-2011:0498, RHSA-2011:0542, RHSA-2011:0330. The fix is documented in each of these advisories as a regular bug fix, for example as BZ#659568 in RHSA-2011:0162.
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 6.2 |
|---|---|
| Base Metrics | AV:L/AC:H/Au:N/C:C/I:C/A:C |
| Access Vector | Local |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 1 | realtime-kernel | Will not fix |
| Red Hat Enterprise Linux 6 | kernel | Will not fix |
| Red Hat Enterprise Linux 5 | kernel | Will not fix |
| Red Hat Enterprise Linux 4 | kernel | Will not fix |
Acknowledgements
Red Hat would like to thank Nelson Elhage for reporting this issue.
CVE description copyright © 2017, The MITRE Corporation
