Vulnerability Details : CVE-2010-0453
The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision.
Vulnerability category: Memory CorruptionInput validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-0453
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-0453
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST |
CWE ids for CVE-2010-0453
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0453
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6959
Repository / Oval Repository
-
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021799.1-1
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/55991
Sun Solaris microcode denial of service CVE-2010-0453 Vulnerability Report
-
http://www.securityfocus.com/bid/38016
Sun Solaris 'CODE_GET_VERSION IOCTL' Local Denial Of Service Vulnerability
-
http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html
Security | Oracle Critical Patch Update - April 2010
-
http://www.trapkit.de/advisories/TKADV2010-001.txt
-
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275910-1
-
http://www.us-cert.gov/cas/techalerts/TA10-103B.html
Oracle Updates for Multiple Vulnerabilities | CISAUS Government Resource
-
http://sunsolve.sun.com/search/document.do?assetkey=1-21-143913-01-1
Patch
-
http://www.vupen.com/english/advisories/2010/0270
Webmail | OVH- OVHPatch;Vendor Advisory
-
http://www.securityfocus.com/archive/1/509276/100/0/threaded
SecurityFocus
Products affected by CVE-2010-0453
- cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_72:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_85:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_77:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_87:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_88:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_94:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_93:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_100:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_101:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_102:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_71:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_69:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_78:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_83:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_82:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_89:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_95:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_73:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_75:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_80:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_76:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_91:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_90:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_98:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_96:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_70:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_74:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_84:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_79:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_81:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_86:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_92:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_99:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_97:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_103:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_104:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_105:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_106:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_107:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_108:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_109:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_110:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_112:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_113:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_115:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_114:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_116:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_111:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_117:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_118:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_119:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_120:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_121:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_122:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_123:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_124:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_125:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_130:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_126:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_127:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_128:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_129:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_131:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_132:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_133:*:x86:*:*:*:*:*