CVE-2010-4258

Priority
Description
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2
does not properly handle a KERNEL_DS get_fs value, which allows local users
to bypass intended access_ok restrictions, overwrite arbitrary kernel
memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL
pointer dereference, or (3) page fault, as demonstrated by vectors
involving the clear_child_tid feature and the splice system call.
Ubuntu-Description
Nelson Elhage discovered that the kernel did not correctly handle process
cleanup after triggering a recoverable kernel bug. If a local attacker were
able to trigger certain kinds of kernel bugs, they could create a specially
crafted process to gain root privileges.
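The mechanism behind this bug, as an added user-space model (not kernel code and not the fix as committed): the kernel's `access_ok()` compares a user pointer against the per-thread `addr_limit`. Code that temporarily runs with `set_fs(KERNEL_DS)` (the `splice` path is the example the advisory names) widens that limit to all of memory; if that code then hits a `BUG()`, a NULL dereference or a page fault, the oops handler calls `do_exit()` without the limit ever being restored. `do_exit()` in turn calls `mm_release()`, which honours `clear_child_tid` by doing a `put_user(0, tidptr)` on a pointer the process chose for itself, so a leftover `KERNEL_DS` lets that zero-write land on an arbitrary kernel address. The model below reproduces both outcomes; the `USER_DS`/`KERNEL_DS` values, the fake kernel slot and its address are constructed for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed x86-64-style limits: USER_DS caps at the top of user space,
 * KERNEL_DS covers all of memory. Values are illustrative. */
#define USER_DS   ((uintptr_t)0x00007ffffffff000ULL)
#define KERNEL_DS ((uintptr_t)~0ULL)

/* Minimal stand-in for thread_info / task_struct fields the bug involves. */
struct task {
    uintptr_t addr_limit;      /* thread_info->addr_limit, set by set_fs() */
    uintptr_t clear_child_tid; /* from CLONE_CHILD_CLEARTID / set_tid_address() */
};

/* Constructed "kernel memory": a word an attacker wants zeroed. */
static const uintptr_t KERNEL_SLOT_ADDR = 0xffffffff81000000ULL; /* hypothetical */
static uint32_t kernel_slot = 0xdeadbeef;

/* Model of access_ok(): the [addr, addr+size) range must fit under addr_limit.
 * The overflow check mirrors the kernel's __range_not_ok() intent. */
static int access_ok(const struct task *t, uintptr_t addr, size_t size)
{
    if (addr + size < addr)          /* wrapped around: reject */
        return 0;
    return addr + size <= t->addr_limit;
}

/* Model of put_user(): only the access_ok() gate stands between the caller and
 * the write. A user address is not modelled (treated as a successful store). */
static int put_user_u32(struct task *t, uintptr_t uaddr, uint32_t val)
{
    if (!access_ok(t, uaddr, sizeof(val)))
        return -EFAULT;
    if (uaddr == KERNEL_SLOT_ADDR)
        kernel_slot = val;           /* the dangerous path: kernel memory hit */
    return 0;
}

/* Model of mm_release(): clear_child_tid is a pointer the exiting process chose
 * for itself, and the put_user() result is ignored, as in the kernel. */
static void mm_release(struct task *t)
{
    if (t->clear_child_tid) {
        uintptr_t tidptr = t->clear_child_tid;
        t->clear_child_tid = 0;
        (void)put_user_u32(t, tidptr, 0);
    }
}

/* Vulnerable do_exit(): runs with whatever addr_limit the oopsing code left. */
static void do_exit_vulnerable(struct task *t)
{
    mm_release(t);
}

/* Fixed do_exit(): force USER_DS before any user-pointer access in the exit path. */
static void do_exit_fixed(struct task *t)
{
    t->addr_limit = USER_DS;
    mm_release(t);
}

/* Scenario: a kernel path did set_fs(KERNEL_DS), then oopsed, and the oops
 * handler entered do_exit() with KERNEL_DS still in effect. The process had
 * earlier pointed clear_child_tid at a kernel address.
 * Returns 1 if the kernel slot was overwritten, 0 if the write was refused. */
static int run_scenario(int fixed)
{
    kernel_slot = 0xdeadbeef;
    struct task t = { .addr_limit = KERNEL_DS, .clear_child_tid = KERNEL_SLOT_ADDR };
    if (fixed)
        do_exit_fixed(&t);
    else
        do_exit_vulnerable(&t);
    return kernel_slot == 0;
}

int main(void)
{
    printf("unpatched do_exit: kernel slot overwritten = %d\n", run_scenario(0));
    printf("patched do_exit:   kernel slot overwritten = %d\n", run_scenario(1));
    return 0;
}
```

The point the model makes is that `access_ok()` is only as strong as `addr_limit`, so any path that can reach a `put_user()` with a stale `KERNEL_DS` is a kernel write primitive; the upstream fix resets the limit at the top of `do_exit()` rather than trusting every oops site to have restored it.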
Notes
Package
Upstream:released (2.6.37~rc5)
More Information

Updated: 2020-03-18 22:04:40 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)