CVE-2010-2943

HIGH

Linux kernel <2.6.35 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2943. PoCs published by Red Hat.

AI-analyzed exploit summary: This exploit demonstrates a local information disclosure vulnerability in the XFS filesystem by creating stale file handles and attempting to open unlinked files. It leverages improper handle validation to potentially access sensitive data or cause denial-of-service conditions.

Description

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Red Hat · c · local · linux
https://www.exploit-db.com/exploits/15155


Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: XFS filesystem (Linux kernel)
No auth needed
Prerequisites: Local access to the system · XFS filesystem in use · Write permissions in a test directory
devstral-2 · analyzed Feb 16, 2026

References (25)

Core References
Broken Link mailing-list x_refsource_mlist
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/42527
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0723.html
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=624923
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520102/100/0/threaded
Broken Link mailing-list x_refsource_mlist
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46397
Broken Link mailing-list x_refsource_mlist
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/08/18/2
Broken Link mailing-list x_refsource_mlist
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767
Broken Link mailing-list x_refsource_mlist
http://oss.sgi.com/archives/xfs/2010-06/msg00191.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1041-1
Broken Link mailing-list x_refsource_mlist
http://oss.sgi.com/archives/xfs/2010-06/msg00198.html
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0280
Third Party Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42758
Third Party Advisory x_refsource_confirm
http://support.avaya.com/css/P8/documents/100113326
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1057-1
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/08/19/5
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0070
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43161

Scores

CVSS v3 8.1
EPSS 0.1701
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE: CWE-200
Status published
Products (24)
avaya/aura_communication_manager 5.2
avaya/aura_presence_services 6.0
avaya/aura_presence_services 6.1
avaya/aura_presence_services 6.1.1
avaya/aura_session_manager 1.1
avaya/aura_session_manager 5.2
avaya/aura_session_manager 6.0
avaya/aura_system_manager 5.2
avaya/aura_system_manager 6.0
avaya/aura_system_manager 6.1
... and 14 more
Published Sep 30, 2010
Tracked Since Feb 18, 2026