CVE-2010-2478Integer Overflow or Wraparound in Kernel

CWE-190Integer Overflow or WraparoundCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-200Sensitive Information Exposure15 documents6 sources
Severity
7.2HIGHNVD
NVD2.1
EPSS
0.1%
top 74.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelCanonical Ubuntu LinuxOpensuse+3 more
Timeline
PublishedSep 29
Latest updateMay 13

Description

Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages5 packages

NVDlinux/linux_kernel< 2.6.36+1
NVDopensuse/opensuse11.2, 11.3+1

Also affects: Ubuntu Linux 10.04, 10.10, 6.06, 8.04, 9.04, 9.10

🔴Vulnerability Details

4
GHSA
GHSA-jh48-465p-8xm7: Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool2022-05-13
GHSA
GHSA-fp8j-xh66-8w79: The ethtool_get_rxnfc function in net/core/ethtool2022-05-13
CVEList
CVE-2010-3861: The ethtool_get_rxnfc function in net/core/ethtool2010-12-10
CVEList
CVE-2010-2478: Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool2010-09-29

📋Vendor Advisories

7
Ubuntu
Linux Kernel vulnerabilities (Marvell Dove)2011-03-25
Ubuntu
Linux kernel vulnerabilities2011-03-03
Ubuntu
Linux kernel vulnerabilities2011-02-28
Ubuntu
Linux kernel vulnerabilities2011-02-25
Ubuntu
Linux kernel vulnerabilities2010-10-19

💬Community

2
Bugzilla
CVE-2010-3861 kernel: heap contents leak from ETHTOOL_GRXCLSRLALL2010-10-26
Bugzilla
CVE-2010-2478 kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL2010-06-29
CVE-2010-2478 — Integer Overflow or Wraparound | cvebase