CVE-2010-2495

CWE-476 — NULL Pointer Dereference CWE-252 — Unchecked Return Value9 documents6 sources

Severity

10.0CRITICAL

EPSS

2.3%

top 15.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Canonical Ubuntu Linux Suse Suse Linux Enterprise Desktop +2 more

Timeline

PublishedSep 8

Latest updateMay 13

Description

The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDlinux/linux_kernel< 2.6.34

▶NVDsuse/suse_linux_enterprise_server11

▶NVDsuse/suse_linux_enterprise_desktop11

▶NVDsuse/suse_linux_enterprise_high_availability_extension11

Also affects: Ubuntu Linux 10.04, 10.10, 6.06, 8.04, 9.04, 9.10

🔴Vulnerability Details

GHSA

GHSA-j4g5-7mr3-h3w3: The pppol2tp_xmit function in drivers/net/pppol2tp↗2022-05-13

▶

CVEList

CVE-2010-2495: The pppol2tp_xmit function in drivers/net/pppol2tp↗2010-09-08

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2011-03-03

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-28

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-25

▶

Ubuntu

Linux kernel vulnerabilities↗2010-10-19

▶

Red Hat

kernel: l2tp: Fix oops in pppol2tp_xmit↗2010-03-16

▶

💬Community

Bugzilla

CVE-2010-2495 kernel: l2tp: Fix oops in pppol2tp_xmit↗2010-06-23

▶