What is CVE-2010-2537?

CVE-2010-2537 is a high-severity vulnerability in Linux Linux_kernel. CVSS score: 7.1/10. Published 2010-09-30.

How severe is CVE-2010-2537?

High severity. CVSS v3 base score is 7.1 out of 10.

Vulnerability in Linux Linux_kernel

CVE-2010-2537

The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor.

EPSS: 0.001 (25.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H.

Affected products

Linux Linux_kernel
Canonical Ubuntu_linux — versions 10.04, 9.10, 10.10
Suse Linux_enterprise_high_availability_extension — versions 11
Suse Suse_linux_enterprise_desktop — versions 11
Suse Suse_linux_enterprise_server — versions 11
N/a — versions n/a

References

USN-1041-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
[oss-security] 20100721 Re: CVE request: kernel: btrfs (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
SUSE-SA:2010:040 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Broken Link)
42758 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
secalert@redhat.com (x_refsource_CONFIRM)
ADV-2011-0070 (vdb-entry, x_refsource_VUPEN, Broken Link)
[oss-security] 20100721 CVE request: kernel: btrfs (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
41847 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2010-2537?: CVE-2010-2537 is a high-severity vulnerability in Linux Linux_kernel. CVSS score: 7.1/10. Published 2010-09-30.
How severe is CVE-2010-2537?: High severity. CVSS v3 base score is 7.1 out of 10.