CVE-2010-5328

Description

include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group.

Category

5.5
CVSS
Severity: Medium
CVSS 3.0 •
CVSS 2.0 •
EPSS 0.07%
Vendor Advisory naist.jp
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa2755e20ab0c7215d99c2dc7c262e98a09b01df patch third party advisory issue tracking
https://github.com/torvalds/linux/commit/fa2755e20ab0c7215d99c2dc7c262e98a09b01df patch third party advisory issue tracking
https://github.com/torvalds/linux/commit/f20011457f41c11edb5ea5038ad0c8ea9f392023 patch third party advisory issue tracking
http://ftp.naist.jp/pub/linux/kernel/v2.6/ChangeLog-2.6.35 release notes vendor advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f106eee10038c2ee5b6056aaf3f6d5229be6dcdd patch third party advisory issue tracking
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f20011457f41c11edb5ea5038ad0c8ea9f392023 patch third party advisory issue tracking
http://www.openwall.com/lists/oss-security/2017/01/21/2 patch mailing list third party advisory
https://github.com/torvalds/linux/commit/f106eee10038c2ee5b6056aaf3f6d5229be6dcdd patch third party advisory issue tracking
http://www.securityfocus.com/bid/97103 vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=1358840 patch issue tracking

Frequently Asked Questions

What is the severity of CVE-2010-5328?
CVE-2010-5328 has been scored as a medium severity vulnerability.
How to fix CVE-2010-5328?
To fix CVE-2010-5328, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2010-5328 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2010-5328 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.