CVE-2010-2943

CVE Database · CVE-2010-2943

CVE-2010-2943

· HIGHModified

CVSS v3.1

8.1

EPSS

17.01%

Published

Sep 30, 2010

Modified

Apr 28, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBXFS - Deleted Inode Local Information Disclosure TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Weaknesses (CWE)

CWE-200

Affected Products (26)

linux · linux_kernel (up to 2.6.35)vulnerable

canonical · ubuntu_linuxvulnerable