CVE-2010-2954NULL Pointer Dereference in Kernel

CWE-476NULL Pointer Dereference11 documents6 sources
Severity
4.9MEDIUMNVD
EPSS
0.1%
top 67.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelCanonical Ubuntu LinuxOpensuse+2 more
Timeline
PublishedSep 3
Latest updateMay 13

Description

The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages4 packages

NVDlinux/linux_kernel< 2.6.36+1

Also affects: Ubuntu Linux 10.04, 10.10, 6.06, 8.04, 9.04, 9.10

Patches

Patch: marc.infoPatch: www.spinics.netPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-j38m-3grr-2p9j: The irda_bind function in net/irda/af_irda2022-05-13
CVEList
CVE-2010-2954: The irda_bind function in net/irda/af_irda2010-09-03

📋Vendor Advisories

7
Ubuntu
Linux kernel (OMAP4) vulnerabilities2011-04-20
Ubuntu
Linux Kernel vulnerabilities (Marvell Dove)2011-03-25
Ubuntu
Linux kernel vulnerabilities2011-03-03
Ubuntu
Linux kernel vulnerabilities2011-02-28
Ubuntu
Linux kernel vulnerabilities2011-02-25

💬Community

1
Bugzilla
CVE-2010-2954 kernel: NULL deref and panic in irda2010-08-31
CVE-2010-2954 — NULL Pointer Dereference in Kernel | cvebase