CVE-2010-3873: Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel

Severity
7.8 HIGH NVD
NVD 5.0 | CNA 5.0
EPSS
3.4%
top 12.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 3
Latest update: May 13

Description

The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 6 packages

Also affects: Debian Linux 5.0

Patches

Vulnerability Details (4)

GHSA | GHSA-g9gm-m3h7-634p: The X | 2022-05-13
GHSA | GHSA-w8mw-h8pc-h94g: Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities | 2022-05-13
CVEList | CVE-2010-4164: Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities | 2011-01-03
CVEList | CVE-2010-3873: The X | 2011-01-03

Vendor Advisories (9)

Ubuntu | Linux kernel (OMAP4) vulnerabilities | 2011-10-25
Ubuntu | Linux kernel vulnerabilities (i.MX51) | 2011-07-06
Ubuntu | Linux Kernel vulnerabilities (Marvell Dove) | 2011-03-25
Ubuntu | Linux kernel vulnerabilities | 2011-02-25
Ubuntu | Linux kernel vulnerabilities | 2011-02-25

Community (1)

Bugzilla | CVE-2010-3873 kernel: memory corruption in X.25 facilities parsing | 2010-11-04
CVE-2010-3873 — Linux Kernel vulnerability | cvebase