CVE-2010-0453

OpenSolaris snv_69-snv_133 - Denial of Service via UCODE_GET_VERSION IOCTL

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0453. PoCs published by Patroklos Argyroudis.

AI-analyzed exploit summary This exploit triggers a NULL pointer dereference in the Solaris/OpenSolaris kernel via the UCODE_GET_VERSION ioctl, leading to a denial of service (kernel panic). It demonstrates the vulnerability by passing a zero-sized buffer to the ioctl call.

Description

The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision.

Exploits (1)

exploitdb WORKING POC

by Patroklos Argyroudis · cdossolaris

https://www.exploit-db.com/exploits/11351

View Code ZIP pw:eip

This exploit triggers a NULL pointer dereference in the Solaris/OpenSolaris kernel via the UCODE_GET_VERSION ioctl, leading to a denial of service (kernel panic). It demonstrates the vulnerability by passing a zero-sized buffer to the ioctl call.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Solaris/OpenSolaris kernel (versions affected by CVE-2010-0453)

No auth needed

Prerequisites: Access to the target system with the ability to open /dev/ucode

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13

Core References

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA10-103B.html

Patch x_refsource_confirm

http://sunsolve.sun.com/search/document.do?assetkey=1-21-143913-01-1

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/55991

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38452

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021799.1-1

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6959

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/509276/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/38016

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-275910-1

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/62046

Various Sources x_refsource_misc

http://www.trapkit.de/advisories/TKADV2010-001.txt

Patch, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/0270

Scores

EPSS 0.0083

EPSS Percentile 52.7%

Details

CWE

CWE-20

Status published

Products (50)

sun/opensolaris snv_69

sun/opensolaris snv_70

sun/opensolaris snv_71

sun/opensolaris snv_72

sun/opensolaris snv_73

sun/opensolaris snv_74

sun/opensolaris snv_75

sun/opensolaris snv_76

sun/opensolaris snv_77

sun/opensolaris snv_78

... and 40 more

Published Feb 03, 2010

Tracked Since Feb 18, 2026