MediumPublic exploit

Linux kernel pktcdvd pkt_find_dev_from_minor signedness error in PKT_CTRL_CMD_STATUS ioctl

IdentifiersCVE-2010-3437CWE-195

Integer signedness error in the Linux kernel pktcdvd block driver (drivers/block/pktcdvd.c) in the pkt_find_dev_from_minor() function, affecting kernels prior to 2.6.36-rc6. A crafted index value supplied via the PKT_CTRL_CMD_STATUS ioctl can be misinterpreted due to signed/unsigned handling, leading to an invalid pointer dereference and system crash, and potentially allowing disclosure of sensitive information from kernel memory.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Local attackers can trigger a denial of service via kernel crash (invalid pointer dereference) and may be able to obtain sensitive information from kernel memory as a result of the signedness error when processing a crafted index in the PKT_CTRL_CMD_STATUS ioctl path.

Mitigation

If you can’t patch tonight, do this now.

Restrict local access to the vulnerable ioctl interface by limiting untrusted local users/containers on affected hosts, and reduce exposure by disabling/unloading the pktcdvd module if not required. Apply distribution kernel updates/backports where available.

Remediation

Patch, then assume compromise.

Upgrade to a Linux kernel version that includes the fix (2.6.36-rc6 or later, or the corresponding stable backport from your distribution).

PUBLIC EXPLOITS

Exploits

No valid public exploits. Mallory filtered out 1 candidate as fakes, detection scripts, or README-only repos.

VALID 0 / 1 TOTALView more in app

All candidate exploits were filtered out by Mallory's validation.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

CanonicalUbuntu Linuxapplication

DebianDebian Linuxoperating_system

LinuxLinux Kerneloperating_system

OpensuseOpensuseoperating_system

SuseLinux Enterprise Desktopoperating_system

SuseLinux Enterprise Real Time Extensionoperating_system

SuseLinux Enterprise Serveroperating_system

SuseLinux Enterprise Software Development Kitoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app

flareio blogNews

Feb 9, 2026

Old-School IRC, New Victims: Inside the Newly Discovered SSHStalker Linux Botnet - Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime

A Linux 2.6.x-era CVE referenced as part of SSHStalker’s legacy exploit module set; specific flaw details are not provided in the content.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware1

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity2