CVE-2010-4258 (retired)

Priority
Description
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2
does not properly handle a KERNEL_DS get_fs value, which allows local users
to bypass intended access_ok restrictions, overwrite arbitrary kernel
memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL
pointer dereference, or (3) page fault, as demonstrated by vectors
involving the clear_child_tid feature and the splice system call.
Ubuntu-Description
Nelson Elhage discovered that the kernel did not correctly handle process
cleanup after triggering a recoverable kernel bug. If a local attacker were
able to trigger certain kinds of kernel bugs, they could create a specially
crafted process to gain root privileges.
Package
Upstream: released (2.6.37~rc5)
More Information

Updated: 2019-03-26 11:54:02 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)