CVE-2010-4164 — Integer Underflow (Wrap or Wraparound) in Kernel

CWE-191 — Integer Underflow (Wrap or Wraparound)13 documents6 sources

Severity

7.8HIGHNVD

CNA5.0

EPSS

2.0%

top 16.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

7

Linux Kernel Debian Linux Opensuse +4 more

Timeline

PublishedJan 3

Latest updateMay 13

Description

Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages6 packages

▶NVDlinux/linux_kernel< 2.6.36.2

▶NVDsuse/linux_enterprise_server10, 11, 9+2

▶NVDsuse/linux_enterprise_desktop10, 11+1

▶NVDsuse/linux_enterprise_real_time_extension11

▶NVDsuse/linux_enterprise_software_development_kit10

Also affects: Debian Linux 5.0

Patches

Patch: marc.info ↗Patch: bugzilla.redhat.com ↗Patch: marc.info ↗

🔴Vulnerability Details

2

GHSA

GHSA-w8mw-h8pc-h94g: Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities↗2022-05-13

▶

CVEList

CVE-2010-4164: Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities↗2011-01-03

▶

📋Vendor Advisories

9

Ubuntu

Linux kernel vulnerabilities (i.MX51)↗2011-07-06

▶

Ubuntu

Linux kernel vulnerabilities↗2011-05-05

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-04-20

▶

Ubuntu

Linux kernel vulnerabilities↗2011-04-05

▶

Ubuntu

Linux Kernel vulnerabilities (Marvell Dove)↗2011-03-25

▶

💬Community

1

Bugzilla

CVE-2010-4164 kernel: prevent crashing when parsing bad X.25↗2010-11-12

▶

CVE-2010-4164 — Integer Underflow (Wrap or Wraparound) | cvebase