CVE-2010-0307

The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function.
Severity
UNKNOWN
AV:L/AC:M/Au:N/C:N/I:N/A:C
Atk. Vector
LOCAL
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
linuxlinux_kernel
𝑥
< 2.6.32.8
debiandebian_linux
4.0
debiandebian_linux
5.0
canonicalubuntu_linux
6.06
canonicalubuntu_linux
8.04
canonicalubuntu_linux
8.10
canonicalubuntu_linux
9.04
canonicalubuntu_linux
9.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
karmic
Fixed 2.6.31-20.58
released
jaunty
Fixed 2.6.28-18.60
released
intrepid
Fixed 2.6.27-17.46
released
hardy
Fixed 2.6.24-27.68
released
dapper
dne
linux-source-2.6.15
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
dapper
Fixed 2.6.15-55.83
released
References