Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2959

CWE-190 — Integer Overflow CWE-119 — Buffer Overflow9 documents8 sources

Severity

7.2HIGH

EPSS

0.3%

top 43.92%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linux Linux Kernel Debian Debian Linux Fedoraproject Fedora +5 more

Timeline

PublishedSep 8

Latest updateMay 13

Description

Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages6 packages

▶NVDlinux/linux_kernel2.6.32 — 2.6.32.21+3

▶NVDsuse/linux_enterprise_server11

▶NVDsuse/linux_enterprise_desktop11

▶NVDsuse/linux_enterprise_real_time11

▶NVDsuse/linux_enterprise_high_availability_extension11

Also affects: Debian Linux 5.0, Fedora 12

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-jj3r-mg29-qjwq: Integer overflow in net/can/bcm↗2022-05-13

▶

CVEList

CVE-2010-2959: Integer overflow in net/can/bcm↗2010-09-08

▶

VulnCheck

Linux Kernel Integer Overflow or Wraparound↗2010

▶

💥Exploits & PoCs

Exploit-DB

Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - 'CAN BCM' Local Privilege Escalation↗2010-08-27

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2011-02-25

▶

Ubuntu

Linux kernel vulnerabilities↗2010-08-19

▶

Red Hat

kernel: can: add limit for nframes and clean up signed/unsigned variables↗2010-08-11

▶

💬Community

Bugzilla

CVE-2010-2959 kernel: can: add limit for nframes and clean up signed/unsigned variables↗2010-08-20

▶