PatchSiren

PatchSiren cyber security CVE debrief

CVE-2010-5328 Linux CVE debrief

CVE-2010-5328 is a Linux kernel denial-of-service issue in which signals with a process group ID of zero can reach the swapper process. According to the CVE description and NVD, this can let a local user crash the system on affected kernels before 2.6.35. NVD rates the issue as local, low-complexity, low-privilege, and availability-impacting only, which fits a kernel stability problem rather than a data-exposure or code-execution flaw.

Vendor: Linux
Product: CVE-2010-5328
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-06
Original CVE updated: 2026-05-13
Advisory published: 2017-02-06
Advisory updated: 2026-05-13

Who should care

Linux distribution maintainers, kernel/package security teams, embedded device vendors, and administrators running older Linux kernels with local user access. Any environment that still includes kernels in the affected range should treat this as a patch-management item, especially multi-user systems and appliances that may expose untrusted local accounts.

Technical summary

The CVE description places the flaw in include/linux/init_task.h, in the signal delivery behavior for the swapper process. The kernel failed to block signals whose process group ID was zero from reaching that process, enabling a local user with access to that process group to trigger a denial of service. NVD lists vulnerable Linux kernel versions up through 2.6.34.7, and the reference set points to upstream kernel commits and the 2.6.35 changelog as the fix trail.

Defensive priority

Medium. This is not a remote exploit or known ransomware item, but it can still produce a full system crash on affected kernels. Prioritize remediation for any exposed or long-lived Linux systems that may still run pre-2.6.35 kernels or downstream derivatives of that codebase.

Recommended defensive actions

  • Confirm whether any running Linux kernel is older than 2.6.35 or otherwise matches the affected version range listed by NVD.
  • Apply the vendor or downstream kernel update that incorporates the upstream fixes referenced in the CVE record.
  • If immediate patching is not possible, reduce local trust exposure by limiting untrusted shell access and reviewing which users can interact with the system.
  • Use your standard kernel upgrade and reboot process to ensure the patched kernel is actually running.
  • Track this CVE in vulnerability management only for legacy systems; modern supported kernels should generally already include the fix.
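
A version check for the first action above, as an added example that is not part of the original debrief. The function name, the verdict names and the sample release strings are this example's own; a distribution kernel whose number falls in range may still carry the fix as a backport, so an in-range verdict means "check the vendor advisory", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example: classify a kernel release string against the range this page
# gives for CVE-2010-5328 (upstream kernels before 2.6.35).
# Verdicts (names chosen for this example):
#   in-range      base version is below 2.6.35; confirm with the vendor advisory,
#                 since downstream kernels may include the fix as a backport
#   review        2.6.35 pre-release (-rc); the page does not say which rc has the fix
#   not-in-range  base version is 2.6.35 or later
#   unparsed      string does not start with a numeric version
classify_kernel() {
    rel=$1
    # Keep the leading dotted-numeric part: "2.6.32-99.example" -> "2.6.32"
    base=$(printf '%s\n' "$rel" |
        sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p')
    [ -n "$base" ] || { echo unparsed; return; }

    # Split on dots into major, minor, patch; missing fields count as 0.
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    if [ "$major" -lt 2 ] ||
       { [ "$major" -eq 2 ] && [ "$minor" -lt 6 ]; } ||
       { [ "$major" -eq 2 ] && [ "$minor" -eq 6 ] && [ "$patch" -lt 35 ]; }; then
        echo in-range
        return
    fi

    case $rel in
        2.6.35-rc*) echo review ;;
        *)          echo not-in-range ;;
    esac
}

# The running host first, then constructed sample strings (not from the page).
for r in "$(uname -r)" 2.6.32-99.example.x86_64 2.6.34.7 2.6.35-rc1 2.6.35 \
         5.15.0-1-example; do
    printf '%-28s %s\n' "$r" "$(classify_kernel "$r")"
done
```

Run it after the reboot as well, so the verdict reflects the kernel that is actually running rather than the package that was installed.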

Evidence notes

The debrief is based on the CVE description, NVD’s affected-version range (through 2.6.34.7), CVSS vector, and the official reference list that includes the Linux 2.6.35 changelog, upstream kernel commits, an oss-security post, and Red Hat bug tracking. No exploit mechanics beyond the published description are included.

Official resources

Publicly documented vulnerability with official CVE and NVD records, plus upstream kernel and mailing-list references. The supplied record indicates no Known Exploited Vulnerability designation and no ransomware campaign association.