CVE-2010-0415

medium

Published 2010-02-17 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.6

Description

The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-40810 local linux

spender · 2010-02-08

Linux Kernel 2.6.18 - 'move_pages()' Information Leak

Source code queued for fetch — refresh in a moment.

OS impact

Linux kernel Affected 131 releases

Version	Status	Fixed in
2.6.33	Affected	—
2.6.32.4	Affected	—
2.6.32.3	Affected	—
2.6.32.2	Affected	—
2.6.32.1	Affected	—
2.6.32	Affected	—
2.6.24	Affected	—
2.6.23.7	Affected	—
2.6.23.6	Affected	—
2.6.23.5	Affected	—
2.6.23.4	Affected	—
2.6.23.3	Affected	—
2.6.23.2	Affected	—
2.6.23.1	Affected	—
2.6.23	Affected	—
2.6.22.7	Affected	—
2.6.22.6	Affected	—
2.6.22.5	Affected	—
2.6.22.4	Affected	—
2.6.22.3	Affected	—
2.6.22.2	Affected	—
2.6.22	Affected	—
2.6.18.8	Affected	—
2.6.18.7	Affected	—
2.6.18.6	Affected	—
2.6.18.5	Affected	—
2.6.18.4	Affected	—
2.6.18.3	Affected	—
2.6.18.2	Affected	—
2.6.18.1	Affected	—
2.6.17.14	Affected	—
2.6.17.13	Affected	—
2.6.17.12	Affected	—
2.6.17.11	Affected	—
2.6.17.10	Affected	—
2.6.17.9	Affected	—
2.6.17.8	Affected	—
2.6.17.7	Affected	—
2.6.17.6	Affected	—
2.6.17.5	Affected	—
2.6.17.4	Affected	—
2.6.17.3	Affected	—
2.6.17.2	Affected	—
2.6.17.1	Affected	—
2.6.17	Affected	—
2.6.16.31	Affected	—
2.6.16.30	Affected	—
2.6.16.29	Affected	—
2.6.16.28	Affected	—
2.6.16.27	Affected	—
2.6.16.26	Affected	—
2.6.16.25	Affected	—
2.6.16.24	Affected	—
2.6.16.23	Affected	—
2.6.16.22	Affected	—
2.6.16.21	Affected	—
2.6.16.20	Affected	—
2.6.16.19	Affected	—
2.6.16.18	Affected	—
2.6.16.17	Affected	—
2.6.16.16	Affected	—
2.6.16.15	Affected	—
2.6.16.14	Affected	—
2.6.16.13	Affected	—
2.6.16.12	Affected	—
2.6.16.11	Affected	—
2.6.16.10	Affected	—
2.6.16.9	Affected	—
2.6.16.8	Affected	—
2.6.16.7	Affected	—
2.6.16.6	Affected	—
2.6.16.5	Affected	—
2.6.16.4	Affected	—
2.6.16.3	Affected	—
2.6.16.2	Affected	—
2.6.16.1	Affected	—
2.6.16	Affected	—
2.6.15.7	Affected	—
2.6.15.6	Affected	—
2.6.15.5	Affected	—
2.6.15.4	Affected	—
2.6.15.3	Affected	—
2.6.15.2	Affected	—
2.6.15.1	Affected	—
2.6.15	Affected	—
2.6.14.7	Affected	—
2.6.14.6	Affected	—
2.6.14.5	Affected	—
2.6.14.4	Affected	—
2.6.14.3	Affected	—
2.6.14.1	Affected	—
2.6.14	Affected	—
2.6.13.5	Affected	—
2.6.13.4	Affected	—
2.6.13.3	Affected	—
2.6.13.2	Affected	—
2.6.13.1	Affected	—
2.6.13	Affected	—
2.6.12.6	Affected	—
2.6.12.5	Affected	—
2.6.12.4	Affected	—
2.6.12.3	Affected	—
2.6.12.2	Affected	—
2.6.12.1	Affected	—
2.6.12	Affected	—
2.6.11.12	Affected	—
2.6.11.11	Affected	—
2.6.11.10	Affected	—
2.6.11.9	Affected	—
2.6.11.8	Affected	—
2.6.11.7	Affected	—
2.6.11.6	Affected	—
2.6.11.5	Affected	—
2.6.11.4	Affected	—
2.6.11.3	Affected	—
2.6.11.2	Affected	—
2.6.11.1	Affected	—
2.6.11	Affected	—
2.6.10	Affected	—
2.6.9	Affected	—
2.6.8.1	Affected	—
2.6.8	Affected	—
2.6.7	Affected	—
2.6.6	Affected	—
2.6.5	Affected	—
2.6.4	Affected	—
2.6.3	Affected	—
2.6.2	Affected	—
2.6.1	Affected	—
2.6.0	Affected	—
—	Affected	—

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.