Unrated severityNVD Advisory· Published Oct 4, 2010· Updated Apr 29, 2026
CVE-2010-3437
CVE-2010-3437
Description
Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call.
Affected products
23cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 5 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <2.6.36
- cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.36:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.36:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.36:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.36:rc5:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
23- jon.oberheide.org/files/cve-2010-3437.cnvdExploitThird Party Advisory
- www.exploit-db.com/exploits/15150/nvdExploitThird Party AdvisoryVDB Entry
- bugzilla.redhat.com/show_bug.cginvdExploitIssue TrackingPatchThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlnvdMailing ListThird Party Advisory
- secunia.com/advisories/42778nvdThird Party Advisory
- secunia.com/advisories/42801nvdThird Party Advisory
- secunia.com/advisories/42932nvdThird Party Advisory
- www.debian.org/security/2010/dsa-2126nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.openwall.com/lists/oss-security/2010/09/28/2nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2010/09/28/6nvdMailing ListThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0842.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/43551nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-1000-1nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0012nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0124nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0298nvdThird Party Advisory
- www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc6nvdBroken Link
News mentions
0No linked articles in our index yet.