{
  "threat_severity" : "Moderate",
  "public_date" : "2010-09-28T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: pktcdvd ioctl dev_minor missing range check",
    "id" : "638085",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=638085"
  },
  "cvss" : {
    "cvss_base_score" : "4.7",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:C/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call." ],
  "statement" : "The Linux kernels as shipped with Red Hat Enterprise Linux 3 and 4 did not include support for the Packet writing layer for ATAPI and SCSI disc media devices, and are therefore not affected by this issue. The Linux kernels as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG allow only root to access the \"/dev/pktcdvd/control\" file, and are therefore also not affected by this issue.",
  "acknowledgement" : "Red Hat would like to thank Dan Rosenberg for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2010-11-10T00:00:00Z",
    "advisory" : "RHSA-2010:0842",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-71.7.1.el6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-3437\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-3437" ],
  "name" : "CVE-2010-3437",
  "csaw" : false
}