Think you have a false positive on this rule?

Sid 1-24371

Message

OS-LINUX Linux kernel IA32 out-of-bounds system call attempt

Summary

The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.

Impact

CVSS base score 7.2 CVSS impact score 10.0 CVSS exploitability score 3.9 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE

CVE-2010-3301:

CVSS base score 7.2

CVSS impact score 10.0

CVSS exploitability score 3.9

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2010-3301: The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.

Affected systems

  • linux linux_kernel 2.6.0
  • linux linux_kernel 2.6.1
  • linux linux_kernel 2.6.2
  • linux linux_kernel 2.6.3
  • linux linux_kernel 2.6.4
  • linux linux_kernel 2.6.5
  • linux linux_kernel 2.6.6
  • linux linux_kernel 2.6.7
  • linux linux_kernel 2.6.8
  • linux linux_kernel 2.6.8.1
  • linux linux_kernel 2.6.9
  • linux linux_kernel 2.6.10
  • linux linux_kernel 2.6.11
  • linux linux_kernel 2.6.11.1
  • linux linux_kernel 2.6.11.2
  • linux linux_kernel 2.6.11.3
  • linux linux_kernel 2.6.11.4
  • linux linux_kernel 2.6.11.5
  • linux linux_kernel 2.6.11.6
  • linux linux_kernel 2.6.11.7
  • linux linux_kernel 2.6.11.8
  • linux linux_kernel 2.6.11.9
  • linux linux_kernel 2.6.11.10
  • linux linux_kernel 2.6.11.11
  • linux linux_kernel 2.6.11.12
  • linux linux_kernel 2.6.12
  • linux linux_kernel 2.6.12.1
  • linux linux_kernel 2.6.12.2
  • linux linux_kernel 2.6.12.3
  • linux linux_kernel 2.6.12.4
  • linux linux_kernel 2.6.12.5
  • linux linux_kernel 2.6.12.6
  • linux linux_kernel 2.6.13
  • linux linux_kernel 2.6.13.1
  • linux linux_kernel 2.6.13.2
  • linux linux_kernel 2.6.13.3
  • linux linux_kernel 2.6.13.4
  • linux linux_kernel 2.6.13.5
  • linux linux_kernel 2.6.14
  • linux linux_kernel 2.6.14.1
  • linux linux_kernel 2.6.14.2
  • linux linux_kernel 2.6.14.3
  • linux linux_kernel 2.6.14.4
  • linux linux_kernel 2.6.14.5
  • linux linux_kernel 2.6.14.6
  • linux linux_kernel 2.6.14.7
  • linux linux_kernel 2.6.15
  • linux linux_kernel 2.6.15.1
  • linux linux_kernel 2.6.15.2
  • linux linux_kernel 2.6.15.3
  • linux linux_kernel 2.6.15.4
  • linux linux_kernel 2.6.15.5
  • linux linux_kernel 2.6.15.6
  • linux linux_kernel 2.6.15.7
  • linux linux_kernel 2.6.16
  • linux linux_kernel 2.6.16.1
  • linux linux_kernel 2.6.16.2
  • linux linux_kernel 2.6.16.3
  • linux linux_kernel 2.6.16.4
  • linux linux_kernel 2.6.16.5
  • linux linux_kernel 2.6.16.6
  • linux linux_kernel 2.6.16.7
  • linux linux_kernel 2.6.16.8
  • linux linux_kernel 2.6.16.9
  • linux linux_kernel 2.6.16.10
  • linux linux_kernel 2.6.16.11
  • linux linux_kernel 2.6.16.12
  • linux linux_kernel 2.6.16.13
  • linux linux_kernel 2.6.16.14
  • linux linux_kernel 2.6.16.15
  • linux linux_kernel 2.6.16.16
  • linux linux_kernel 2.6.16.17
  • linux linux_kernel 2.6.16.18
  • linux linux_kernel 2.6.16.19
  • linux linux_kernel 2.6.16.20
  • linux linux_kernel 2.6.16.21
  • linux linux_kernel 2.6.16.22
  • linux linux_kernel 2.6.16.23
  • linux linux_kernel 2.6.16.24
  • linux linux_kernel 2.6.16.25
  • linux linux_kernel 2.6.16.26
  • linux linux_kernel 2.6.16.27
  • linux linux_kernel 2.6.16.28
  • linux linux_kernel 2.6.16.29
  • linux linux_kernel 2.6.16.30
  • linux linux_kernel 2.6.16.31
  • linux linux_kernel 2.6.16.32
  • linux linux_kernel 2.6.16.33
  • linux linux_kernel 2.6.16.34
  • linux linux_kernel 2.6.16.35
  • linux linux_kernel 2.6.16.36
  • linux linux_kernel 2.6.16.37
  • linux linux_kernel 2.6.16.38
  • linux linux_kernel 2.6.16.39
  • linux linux_kernel 2.6.16.40
  • linux linux_kernel 2.6.16.41
  • linux linux_kernel 2.6.16.42
  • linux linux_kernel 2.6.16.43
  • linux linux_kernel 2.6.16.44
  • linux linux_kernel 2.6.16.45
  • linux linux_kernel 2.6.16.46
  • linux linux_kernel 2.6.16.47
  • linux linux_kernel 2.6.16.48
  • linux linux_kernel 2.6.16.49
  • linux linux_kernel 2.6.16.50
  • linux linux_kernel 2.6.16.51
  • linux linux_kernel 2.6.16.52
  • linux linux_kernel 2.6.16.53
  • linux linux_kernel 2.6.16.54
  • linux linux_kernel 2.6.16.55
  • linux linux_kernel 2.6.16.56
  • linux linux_kernel 2.6.16.57
  • linux linux_kernel 2.6.16.58
  • linux linux_kernel 2.6.16.59
  • linux linux_kernel 2.6.16.60
  • linux linux_kernel 2.6.16.61
  • linux linux_kernel 2.6.16.62
  • linux linux_kernel 2.6.17
  • linux linux_kernel 2.6.17.1
  • linux linux_kernel 2.6.17.2
  • linux linux_kernel 2.6.17.3
  • linux linux_kernel 2.6.17.4
  • linux linux_kernel 2.6.17.5
  • linux linux_kernel 2.6.17.6
  • linux linux_kernel 2.6.17.7
  • linux linux_kernel 2.6.17.8
  • linux linux_kernel 2.6.17.9
  • linux linux_kernel 2.6.17.10
  • linux linux_kernel 2.6.17.11
  • linux linux_kernel 2.6.17.12
  • linux linux_kernel 2.6.17.13
  • linux linux_kernel 2.6.17.14
  • linux linux_kernel 2.6.18
  • linux linux_kernel 2.6.18.1
  • linux linux_kernel 2.6.18.2
  • linux linux_kernel 2.6.18.3
  • linux linux_kernel 2.6.18.4
  • linux linux_kernel 2.6.18.5
  • linux linux_kernel 2.6.18.6
  • linux linux_kernel 2.6.18.7
  • linux linux_kernel 2.6.18.8
  • linux linux_kernel 2.6.19
  • linux linux_kernel 2.6.19.1
  • linux linux_kernel 2.6.19.2
  • linux linux_kernel 2.6.19.3
  • linux linux_kernel 2.6.19.4
  • linux linux_kernel 2.6.19.5
  • linux linux_kernel 2.6.19.6
  • linux linux_kernel 2.6.19.7
  • linux linux_kernel 2.6.20
  • linux linux_kernel 2.6.20.1
  • linux linux_kernel 2.6.20.2
  • linux linux_kernel 2.6.20.3
  • linux linux_kernel 2.6.20.4
  • linux linux_kernel 2.6.20.5
  • linux linux_kernel 2.6.20.6
  • linux linux_kernel 2.6.20.7
  • linux linux_kernel 2.6.20.8
  • linux linux_kernel 2.6.20.9
  • linux linux_kernel 2.6.20.10
  • linux linux_kernel 2.6.20.11
  • linux linux_kernel 2.6.20.12
  • linux linux_kernel 2.6.20.13
  • linux linux_kernel 2.6.20.14
  • linux linux_kernel 2.6.20.15
  • linux linux_kernel 2.6.20.16
  • linux linux_kernel 2.6.20.17
  • linux linux_kernel 2.6.20.18
  • linux linux_kernel 2.6.20.19
  • linux linux_kernel 2.6.20.20
  • linux linux_kernel 2.6.20.21
  • linux linux_kernel 2.6.21
  • linux linux_kernel 2.6.21.1
  • linux linux_kernel 2.6.21.2
  • linux linux_kernel 2.6.21.3
  • linux linux_kernel 2.6.21.4
  • linux linux_kernel 2.6.21.5
  • linux linux_kernel 2.6.21.6
  • linux linux_kernel 2.6.21.7
  • linux linux_kernel 2.6.22
  • linux linux_kernel 2.6.22.1
  • linux linux_kernel 2.6.22.2
  • linux linux_kernel 2.6.22.3
  • linux linux_kernel 2.6.22.4
  • linux linux_kernel 2.6.22.5
  • linux linux_kernel 2.6.22.6
  • linux linux_kernel 2.6.22.7
  • linux linux_kernel 2.6.22.8
  • linux linux_kernel 2.6.22.9
  • linux linux_kernel 2.6.22.10
  • linux linux_kernel 2.6.22.11
  • linux linux_kernel 2.6.22.12
  • linux linux_kernel 2.6.22.13
  • linux linux_kernel 2.6.22.14
  • linux linux_kernel 2.6.22.15
  • linux linux_kernel 2.6.22.16
  • linux linux_kernel 2.6.22.17
  • linux linux_kernel 2.6.22.18
  • linux linux_kernel 2.6.22.19
  • linux linux_kernel 2.6.22.20
  • linux linux_kernel 2.6.22.21
  • linux linux_kernel 2.6.22.22
  • linux linux_kernel 2.6.23
  • linux linux_kernel 2.6.23.1
  • linux linux_kernel 2.6.23.2
  • linux linux_kernel 2.6.23.3
  • linux linux_kernel 2.6.23.4
  • linux linux_kernel 2.6.23.5
  • linux linux_kernel 2.6.23.6
  • linux linux_kernel 2.6.23.7
  • linux linux_kernel 2.6.23.8
  • linux linux_kernel 2.6.23.9
  • linux linux_kernel 2.6.23.10
  • linux linux_kernel 2.6.23.11
  • linux linux_kernel 2.6.23.12
  • linux linux_kernel 2.6.23.13
  • linux linux_kernel 2.6.23.14
  • linux linux_kernel 2.6.23.15
  • linux linux_kernel 2.6.23.16
  • linux linux_kernel 2.6.23.17
  • linux linux_kernel 2.6.24
  • linux linux_kernel 2.6.24.1
  • linux linux_kernel 2.6.24.2
  • linux linux_kernel 2.6.24.3
  • linux linux_kernel 2.6.24.4
  • linux linux_kernel 2.6.24.5
  • linux linux_kernel 2.6.24.6
  • linux linux_kernel 2.6.24.7
  • linux linux_kernel 2.6.25
  • linux linux_kernel 2.6.25.1
  • linux linux_kernel 2.6.25.2
  • linux linux_kernel 2.6.25.3
  • linux linux_kernel 2.6.25.4
  • linux linux_kernel 2.6.25.5
  • linux linux_kernel 2.6.25.6
  • linux linux_kernel 2.6.25.7
  • linux linux_kernel 2.6.25.8
  • linux linux_kernel 2.6.25.9
  • linux linux_kernel 2.6.25.10
  • linux linux_kernel 2.6.25.11
  • linux linux_kernel 2.6.25.12
  • linux linux_kernel 2.6.25.13
  • linux linux_kernel 2.6.25.14
  • linux linux_kernel 2.6.25.15
  • linux linux_kernel 2.6.25.16
  • linux linux_kernel 2.6.25.17
  • linux linux_kernel 2.6.25.18
  • linux linux_kernel 2.6.25.19
  • linux linux_kernel 2.6.25.20
  • linux linux_kernel 2.6.26
  • linux linux_kernel 2.6.26.1
  • linux linux_kernel 2.6.26.2
  • linux linux_kernel 2.6.26.3
  • linux linux_kernel 2.6.26.4
  • linux linux_kernel 2.6.26.5
  • linux linux_kernel 2.6.26.6
  • linux linux_kernel 2.6.26.7
  • linux linux_kernel 2.6.26.8
  • linux linux_kernel 2.6.27
  • linux linux_kernel 2.6.27.5
  • linux linux_kernel 2.6.27.6
  • linux linux_kernel 2.6.27.7
  • linux linux_kernel 2.6.27.8
  • linux linux_kernel 2.6.27.9
  • linux linux_kernel 2.6.27.10
  • linux linux_kernel 2.6.27.11
  • linux linux_kernel 2.6.27.12
  • linux linux_kernel 2.6.27.20
  • linux linux_kernel 2.6.27.22
  • linux linux_kernel 2.6.27.23
  • linux linux_kernel 2.6.27.24
  • linux linux_kernel 2.6.27.33
  • linux linux_kernel 2.6.27.34
  • linux linux_kernel 2.6.27.35
  • linux linux_kernel 2.6.27.36
  • linux linux_kernel 2.6.27.37
  • linux linux_kernel 2.6.28
  • linux linux_kernel 2.6.28.1
  • linux linux_kernel 2.6.28.2
  • linux linux_kernel 2.6.28.3
  • linux linux_kernel 2.6.28.4
  • linux linux_kernel 2.6.28.5
  • linux linux_kernel 2.6.28.6
  • linux linux_kernel 2.6.28.7
  • linux linux_kernel 2.6.28.8
  • linux linux_kernel 2.6.28.9
  • linux linux_kernel 2.6.28.10
  • linux linux_kernel 2.6.29
  • linux linux_kernel 2.6.29.1
  • linux linux_kernel 2.6.29.2
  • linux linux_kernel 2.6.29.3
  • linux linux_kernel 2.6.29.4
  • linux linux_kernel 2.6.29.5
  • linux linux_kernel 2.6.29.6
  • linux linux_kernel 2.6.30
  • linux linux_kernel 2.6.30.1
  • linux linux_kernel 2.6.30.2
  • linux linux_kernel 2.6.30.3
  • linux linux_kernel 2.6.30.4
  • linux linux_kernel 2.6.30.5
  • linux linux_kernel 2.6.30.6
  • linux linux_kernel 2.6.30.7
  • linux linux_kernel 2.6.30.8
  • linux linux_kernel 2.6.30.9
  • linux linux_kernel 2.6.30.10
  • linux linux_kernel 2.6.31
  • linux linux_kernel 2.6.31.1
  • linux linux_kernel 2.6.31.2
  • linux linux_kernel 2.6.31.3
  • linux linux_kernel 2.6.31.4
  • linux linux_kernel 2.6.31.5
  • linux linux_kernel 2.6.31.6
  • linux linux_kernel 2.6.31.7
  • linux linux_kernel 2.6.31.8
  • linux linux_kernel 2.6.31.9
  • linux linux_kernel 2.6.31.10
  • linux linux_kernel 2.6.31.11
  • linux linux_kernel 2.6.31.12
  • linux linux_kernel 2.6.31.13
  • linux linux_kernel 2.6.31.14
  • linux linux_kernel 2.6.32
  • linux linux_kernel 2.6.32.1
  • linux linux_kernel 2.6.32.2
  • linux linux_kernel 2.6.32.3
  • linux linux_kernel 2.6.32.4
  • linux linux_kernel 2.6.32.5
  • linux linux_kernel 2.6.32.6
  • linux linux_kernel 2.6.32.7
  • linux linux_kernel 2.6.32.8
  • linux linux_kernel 2.6.32.9
  • linux linux_kernel 2.6.32.10
  • linux linux_kernel 2.6.32.11
  • linux linux_kernel 2.6.32.12
  • linux linux_kernel 2.6.32.13
  • linux linux_kernel 2.6.32.14
  • linux linux_kernel 2.6.32.15
  • linux linux_kernel 2.6.32.16
  • linux linux_kernel 2.6.32.17
  • linux linux_kernel 2.6.32.18
  • linux linux_kernel 2.6.32.19
  • linux linux_kernel 2.6.32.20
  • linux linux_kernel 2.6.33
  • linux linux_kernel 2.6.33.1
  • linux linux_kernel 2.6.33.2
  • linux linux_kernel 2.6.33.3
  • linux linux_kernel 2.6.33.4
  • linux linux_kernel 2.6.33.5
  • linux linux_kernel 2.6.33.6
  • linux linux_kernel 2.6.33.7
  • linux linux_kernel 2.6.34
  • linux linux_kernel 2.6.34.1
  • linux linux_kernel 2.6.34.2
  • linux linux_kernel 2.6.34.3
  • linux linux_kernel 2.6.34.4
  • linux linux_kernel 2.6.34.5
  • linux linux_kernel 2.6.34.6
  • linux linux_kernel 2.6.34.7
  • linux linux_kernel 2.6.35
  • linux linux_kernel 2.6.35.1
  • linux linux_kernel 2.6.35.2
  • linux linux_kernel 2.6.35.3
  • linux linux_kernel 2.6.35.4
  • linux linux_kernel 2.6.36

Ease of attack

CVE-2010-3301:

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References