CVE-2010-2943

HIGH

Linux kernel <2.6.35 - Info Disclosure

Title source: llm

Description

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Red Hat · clocallinux

https://www.exploit-db.com/exploits/15155

View Code ZIP pw:eip

References (25)

[Broken Link] http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767

[Broken Link] http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768

[Broken Link] http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769

[Broken Link] http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771

[Patch] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188

[Patch] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d

[Patch] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa

[Broken Link] http://oss.sgi.com/archives/xfs/2010-06/msg00191.html

[Broken Link] http://oss.sgi.com/archives/xfs/2010-06/msg00198.html

[Broken Link] http://secunia.com/advisories/42758

[Broken Link] http://secunia.com/advisories/43161

[Broken Link] http://secunia.com/advisories/46397

[Third Party Advisory] http://support.avaya.com/css/P8/documents/100113326

[Broken Link] http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2010/08/18/2

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2010/08/19/5

[Broken Link] http://www.redhat.com/support/errata/RHSA-2010-0723.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/520102/100/0/threaded

[Exploit, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/42527

[Third Party Advisory] http://www.ubuntu.com/usn/USN-1041-1

... and 5 more

Scores

CVSS v3 8.1

EPSS 0.0382

EPSS Percentile 87.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (26)

linux/linux_kernel < 2.6.35

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

vmware/esx

vmware/esx

avaya/aura_communication_manager

avaya/aura_presence_services

avaya/aura_presence_services

avaya/aura_presence_services

avaya/aura_session_manager

avaya/aura_session_manager

avaya/aura_session_manager

avaya/aura_system_manager

... and 11 more

Timeline

Published Sep 30, 2010

Tracked Since Feb 18, 2026