CVE-2010-2943

8.1 HIGH

Published: September 30, 2010 Modified: April 29, 2026

Description

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767

Source: secalert@redhat.com

Broken Link

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768

Source: secalert@redhat.com

Broken Link

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769

Source: secalert@redhat.com

Broken Link

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771

Source: secalert@redhat.com

Broken Link

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188

Source: secalert@redhat.com

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d

Source: secalert@redhat.com

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa

Source: secalert@redhat.com

http://oss.sgi.com/archives/xfs/2010-06/msg00191.html

Source: secalert@redhat.com

Broken Link

http://oss.sgi.com/archives/xfs/2010-06/msg00198.html

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/42758

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/43161

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/46397

Source: secalert@redhat.com

Broken Link

http://support.avaya.com/css/P8/documents/100113326

Source: secalert@redhat.com

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35

Source: secalert@redhat.com

Broken Link

http://www.openwall.com/lists/oss-security/2010/08/18/2

Source: secalert@redhat.com

Mailing List Patch Third Party Advisory

http://www.openwall.com/lists/oss-security/2010/08/19/5

Source: secalert@redhat.com

Mailing List Patch Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0723.html

Source: secalert@redhat.com

Broken Link

http://www.securityfocus.com/archive/1/520102/100/0/threaded

Source: secalert@redhat.com

Third Party Advisory VDB Entry

http://www.securityfocus.com/bid/42527

Source: secalert@redhat.com

Exploit Third Party Advisory VDB Entry

http://www.ubuntu.com/usn/USN-1041-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-1057-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0070

Source: secalert@redhat.com

Broken Link

http://www.vupen.com/english/advisories/2011/0280

Source: secalert@redhat.com

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=624923

Source: secalert@redhat.com

Issue Tracking Patch Third Party Advisory

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767