CVE-2010-3301

The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.

Published: Sep 22, 2010
Updated: Nov 8, 2023
CVE: CVE-2010-3301
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	2.6.36-rc2	2.6.36-rc2.x
linux / linux_kernel	2.6.36-rc1	2.6.36-rc1.x
linux / linux_kernel	2.6.36-rc3	2.6.36-rc3.x
linux / linux_kernel	-	2.6.36
linux / linux_kernel	2.6.36	2.6.36.x
suse / linux_enterprise_real_time_extension	11-sp1	11-sp1.x
canonical / ubuntu_linux	10.10	10.10.x
canonical / ubuntu_linux	9.10	9.10.x
canonical / ubuntu_linux	10.04	10.04.x

Vulnerability Database

289,697

CVE-2010-3301