suse · CVE-2010-4170

Quick triage

Priority: high Published: 2021-05-30 12:54:43 UTC Updated: 2025-11-05 05:54:00 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2010-4170 severity important: SUSE including 4 source package names (systemtap, systemtap-runtime, systemtap-sdt-devel, systemtap-server), 15 product×package rows across 8 product lines (SUSE Linux Enterprise Server 11 SP1 for Teradata, SUSE Linux Enterprise Server 11 SP3 LTSS, … (8 product lines)): Known Not Affected 15.

Description:

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.

cvelogic Threat Intelligence