CVE-2010-3310

2010-09-29 19:00:04 2018-11-27 21:22:39

Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions.

Vector

LOCAL

Complexity

MEDIUM

Authentication

NONE

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Linux Kernel 2.6.36 Release Candidate 4 Linux Kernel 2.6.36 Release Candidate 3 Linux Kernel 2.6.36 Release Candidate 2 Linux Kernel 2.6.36 Release Candidate 1 Linux Kernel 2.6.36 Debian GNU/Linux 5.0 Canonical Ubuntu Linux 10.10 Canonical Ubuntu Linux 10.04 LTS Canonical Ubuntu Linux 9.10 Canonical Ubuntu Linux 9.04 Canonical Ubuntu linux 8.04 ~~lts~~~ (not an official CPE) Canonical Ubuntu linux 6.06 ~~lts~~~ (not an official CPE)

Linux - Linux kernel Debian - Debian linux Canonical - Ubuntu linux

Advisory	Patch	Confirmed	Link
			[oss-security] 20100921 Re: CVE request: kernel: Heap co...
			[oss-security] 20100921 CVE request: kernel: Heap corrup...
			MDVSA-2011:051
			MDVSA-2011:029
			http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v...
			DSA-2126
			SUSE-SA:2011:008
			[linux-netdev] 20100920 [PATCH] rose: Fix signedness iss...
			SUSE-SA:2011:007
			SUSE-SA:2010:060
			SUSE-SA:2010:054
			SUSE-SA:2010:051
			SUSE-SA:2010:050
			http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6....
			43368
			USN-1000-1
			ADV-2011-0298
			ADV-2011-0375
			kernel-rose-bind-dos(61953)

CVE-2010-3310

2010-09-29 19:00:04 2018-11-27 21:22:39

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)