CVE-2010-4160 — Integer Overflow or Wraparound in Kernel

CWE-190 — Integer Overflow or Wraparound14 documents6 sources

Severity

6.9MEDIUMNVD

EPSS

0.2%

top 62.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Opensuse Suse Linux Enterprise Desktop +2 more

Timeline

PublishedJan 7

Latest updateMay 13

Description

Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages5 packages

▶NVDlinux/linux_kernel< 2.6.36.2

▶NVDsuse/linux_enterprise_server10, 11, 9+2

▶NVDsuse/linux_enterprise_desktop10, 11+1

▶NVDsuse/linux_enterprise_software_development_kit10

▶NVDopensuse/opensuse11.2

Patches

Patch: openwall.com ↗Patch: openwall.com ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-xvf7-379r-cpg2: Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp↗2022-05-13

▶

CVEList

CVE-2010-4160: Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp↗2011-01-07

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-09-13

▶

Ubuntu

Linux kernel (i.MX51) vulnerabilities↗2011-09-13

▶

Ubuntu

Linux Kernel vulnerabilities (Marvell Dove)↗2011-03-25

▶

Ubuntu

Linux kernel vulnerabilities↗2011-03-03

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-25

▶

💬Community

Bugzilla

CVE-2010-4650 kernel: fuse: verify ioctl retries↗2011-01-07

▶

Bugzilla

CVE-2010-4160 kernel: L2TP send buffer allocation size overflows↗2010-11-10

▶