CVE-2010-4163

Description

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device.

CVSS Metrics

• v2.0•MEDIUM•Score: 4.7AV:L/AC:M/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.08%• Percentile: 24%

Techniques & Countermeasures

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

• linux•linux_kernel

  < 2.6.36.2

• opensuse•opensuse

  11.2 | 11.3

• suse•linux_enterprise_desktop

  11:sp1

• suse•linux_enterprise_real_time_extension

  11:sp1

• suse•linux_enterprise_server

  11:sp1

References (20)

• http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html
• http://secunia.com/advisories/42778
• http://secunia.com/advisories/42801
• http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html
• http://www.securityfocus.com/bid/44793
• http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html
• http://secunia.com/advisories/42932
• http://www.redhat.com/support/errata/RHSA-2011-0007.html
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9284bcf4e335e5f18a8bc7b26461c33ab60d0689
• http://openwall.com/lists/oss-security/2010/11/29/1
• http://www.vupen.com/english/advisories/2011/0124
• http://openwall.com/lists/oss-security/2010/11/10/18
• http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
• http://openwall.com/lists/oss-security/2010/11/12/2
• http://www.vupen.com/english/advisories/2011/0298
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2
• http://secunia.com/advisories/42890
• http://www.vupen.com/english/advisories/2011/0012
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
• https://bugzilla.redhat.com/show_bug.cgi?id=652957