CVE-2010-2955Off-by-one Error in Kernel

CWE-193Off-by-one Error12 documents7 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 73.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelCanonical Ubuntu LinuxOpensuse+3 more
Timeline
PublishedSep 8
Latest updateMay 13

Description

The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages6 packages

NVDlinux/linux_kernel< 2.6.36+1
Ubuntulinux/linux_kernel< 3.11.0-12.19

Also affects: Ubuntu Linux 10.04, 10.10, 6.06, 8.04, 9.04, 9.10

Patches

Patch: lkml.orgPatch: lkml.orgPatch: lkml.org

🔴Vulnerability Details

3
GHSA
GHSA-xj85-gxf6-hq98: The cfg80211_wext_giwessid function in net/wireless/wext-compat2022-05-13
CVEList
CVE-2010-2955: The cfg80211_wext_giwessid function in net/wireless/wext-compat2010-09-08
OSV
CVE-2010-2955: The cfg80211_wext_giwessid function in net/wireless/wext-compat2010-09-08

📋Vendor Advisories

7
Ubuntu
Linux kernel (OMAP4) vulnerabilities2011-04-20
Ubuntu
Linux Kernel vulnerabilities (Marvell Dove)2011-03-25
Ubuntu
Linux kernel vulnerabilities2011-03-03
Ubuntu
Linux kernel vulnerabilities2011-02-28
Ubuntu
Linux kernel vulnerabilities2011-02-25

💬Community

1
Bugzilla
CVE-2010-2955 kernel: wireless: fix 64K kernel heap content leak via ioctl2010-08-30
CVE-2010-2955 — Off-by-one Error in Linux Kernel | cvebase