Public Date:
659567: CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path

The MITRE CVE dictionary describes this issue as:

The do_exit function in kernel/exit.c in the Linux kernel before does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.

Find out more about CVE-2010-4258 from the MITRE CVE dictionary dictionary and NIST NVD.


The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG enabled the panic_on_oops sysctl tunable by default, and therefore are not affected by this issue. However, as a preventive measure (for example, for administrators who have turned panic_on_oops off), this issue was fixed in kernel updates in Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. Because the fix was considered as a preventative measure, this CVE is not listed in the related advisories that provided the fix: RHSA-2011:0162, RHSA-2011:0263, RHSA-2011:0017, RHSA-2011:0498, RHSA-2011:0542, RHSA-2011:0330. The fix is documented in each of these advisories as a regular bug fix, for example as BZ#659568 in RHSA-2011:0162.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 6.2
Base Metrics AV:L/AC:H/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity High
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 1 realtime-kernel Will not fix
Red Hat Enterprise Linux 6 kernel Will not fix
Red Hat Enterprise Linux 5 kernel Will not fix
Red Hat Enterprise Linux 4 kernel Will not fix


Red Hat would like to thank Nelson Elhage for reporting this issue.
Last Modified

CVE description copyright © 2017, The MITRE Corporation