CVE-2010-2537

moderate-risk

Published 2010-09-30

The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor.

Do I need to act?

0.09% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.1/10 High

LOCAL / LOW complexity

Affected Products (7)

Linux Kernel

Ubuntu Linux

Suse Linux Enterprise Desktop

Ubuntu Linux

Linux Enterprise High Availability Extension

Suse Linux Enterprise Server

Affected Vendors

Linux Canonical Suse

References (20)

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=...

Mailing List http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html

Broken Link http://secunia.com/advisories/42758

Broken Link http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35

Mailing List http://www.openwall.com/lists/oss-security/2010/07/21/10

Mailing List http://www.openwall.com/lists/oss-security/2010/07/21/4

Third Party Advisory http://www.securityfocus.com/bid/41847

Third Party Advisory http://www.ubuntu.com/usn/USN-1041-1

Broken Link http://www.vupen.com/english/advisories/2011/0070

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=616998