Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @

EGI CSIRT:Alerts/kernel-2010-09-16

From EGIWiki
Jump to navigation Jump to search

Title: CRITICAL Kernel Vulnerability: 64-bit Compatibility Mode Stack Pointer Corruption
Date: September 16, 2010


A vulnerability in the 32-bit compatibility layer for 64-bit systems has
been reported. It is caused by insecure allocation of user space memory
when translating system call inputs to 64-bit. A stack pointer corruption
can occur when using the "compat_alloc_user_space" method with an
arbitrary length input. This vulnerability has been labeled

A local root exploit for this issue is publically available, and has
been verified to work on at least RHEL/CentOS/SLC 5 systems. It is
likely that the vulnerability is present also on other distributions,
even if this particular exploit doesn't work on them.


EGI CSIRT has classified this as a critical vulnerability, and all sites
should update their 64-bit machines in the EGI infrastructure as soon as
vendor kernel updates are published and available.

A kernel update for SLC5 x86_64 is expected within a few hours.

EGI CSIRT will not issue any recommendation whether to drain queues and
disable logins pending a kernel update; we defer to local site policy in
this matter.

WLCG management is aware of the issue and will accept essential and related
unscheduled downtime incurred while handling CVE-2010-3081.


This problem was reported on 2010-09-16 by Ben Hawkes:

RedHat is recognizing the problem:

A working local root exploit has been published on the Full Disclosure
mailing list: