CVE-2010-4258

Priority
Description
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2
does not properly handle a KERNEL_DS get_fs value, which allows local users
to bypass intended access_ok restrictions, overwrite arbitrary kernel
memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL
pointer dereference, or (3) page fault, as demonstrated by vectors
involving the clear_child_tid feature and the splice system call.
Ubuntu-Description
Nelson Elhage discovered that the kernel did not correctly handle process
cleanup after triggering a recoverable kernel bug. If a local attacker were
able to trigger certain kinds of kernel bugs, they could create a specially
crafted process to gain root privileges.
Notes
Package
Upstream:released (2.6.37~rc5)
More Information

Updated: 2019-12-05 20:55:59 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)