CVE-2010-3880
5.8 Medium
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
9.3%
net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| linux:linux_kernel | linux linux kernel | eq | 2.6.37 |
| debian:debian_linux | debian debian linux | eq | 5.0 |
References
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22e76c849d505d87c5ecf3d3e6742a65f0ff4860
openwall.com/lists/oss-security/2010/11/04/9
openwall.com/lists/oss-security/2010/11/05/3
secunia.com/advisories/42126
secunia.com/advisories/42789
secunia.com/advisories/42890
secunia.com/advisories/46397
www.debian.org/security/2010/dsa-2126
www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2
www.redhat.com/support/errata/RHSA-2010-0958.html
www.redhat.com/support/errata/RHSA-2011-0004.html
www.redhat.com/support/errata/RHSA-2011-0007.html
www.securityfocus.com/archive/1/520102/100/0/threaded
www.securityfocus.com/bid/44665
www.spinics.net/lists/netdev/msg145899.html
www.vmware.com/security/advisories/VMSA-2011-0012.html
www.vupen.com/english/advisories/2011/0024
bugzilla.redhat.com/show_bug.cgi?id=651264
Social References
More
Related
5.8 Medium
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
9.3%