CVE-2010-2226

Name: CVE-2010-2226
Creator: NVD / NIST
Published: 2010-09-03T20:00:03.34+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.43%

Last modified Jun 16, 2026

CVE-2010-2226 is a vulnerability of currently unknown severity. The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.. EPSS estimates a 0.43% chance of exploitation in the next 30 days.

Description

The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.

Metrics

EPSS Probability

0.43%

34.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions	Update
Linux	Linux Kernel	< 2.6.35	—
Suse	Linux Enterprise Desktop	10	Sp3
Suse	Linux Enterprise Server	10	Sp3
Suse	Linux Enterprise Software Development Kit	10	Sp3
Debian	Debian Linux	5.0	—
Canonical	Ubuntu Linux	6.06	—
Canonical	Ubuntu Linux	8.04	—
Canonical	Ubuntu Linux	9.04	—
Canonical	Ubuntu Linux	9.10	—
Canonical	Ubuntu Linux	10.04	—
Canonical	Ubuntu Linux	10.10	—

References

http://archives.free.net.ph/message/20100616.130710.301704aa.en.htmlBroken Link
http://archives.free.net.ph/message/20100616.135735.40f53a32.en.htmlBroken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1817176a86352f65210139d4c794ad2d19fc6b63
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
http://marc.info/?l=oss-security&m=127677135609357&w=2Third Party Advisory
http://marc.info/?l=oss-security&m=127687486331790&w=2Third Party Advisory
http://secunia.com/advisories/43315Third Party Advisory
http://www.debian.org/security/2010/dsa-2094Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0610.htmlThird Party Advisory
http://www.securityfocus.com/archive/1/516397/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/40920Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-1000-1Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlThird Party Advisory
http://www.vupen.com/english/advisories/2011/0298Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=605158Issue Tracking, Third Party Advisory
http://archives.free.net.ph/message/20100616.130710.301704aa.en.htmlBroken Link
http://archives.free.net.ph/message/20100616.135735.40f53a32.en.htmlBroken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1817176a86352f65210139d4c794ad2d19fc6b63
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
http://marc.info/?l=oss-security&m=127677135609357&w=2Third Party Advisory
http://marc.info/?l=oss-security&m=127687486331790&w=2Third Party Advisory
http://secunia.com/advisories/43315Third Party Advisory
http://www.debian.org/security/2010/dsa-2094Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0610.htmlThird Party Advisory
http://www.securityfocus.com/archive/1/516397/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/40920Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-1000-1Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlThird Party Advisory
http://www.vupen.com/english/advisories/2011/0298Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=605158Issue Tracking, Third Party Advisory

Timeline

Published: Sep 3, 2010
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2010-2226?

How severe is CVE-2010-2226?

Severity scoring for CVE-2010-2226 is pending analysis. The EPSS model estimates a 0.43% probability of exploitation in the next 30 days.

How do I fix CVE-2010-2226?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-2226?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST