CVE-2010-4263 — NULL Pointer Dereference in Kernel

CWE-476 — NULL Pointer Dereference7 documents6 sources

Severity

7.9HIGHNVD

EPSS

5.1%

top 10.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Vmware ESX Vmware Esxi

Timeline

PublishedJan 18

Latest updateMay 13

Description

The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame.

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 5.5 | Impact: 10.0

Affected Packages3 packages

▶NVDlinux/linux_kernel< 2.6.34

▶NVDvmware/esx7 versions+6

▶NVDvmware/esxi4 versions+3

Patches

Patch: openwall.com ↗Patch: openwall.com ↗Patch: bugzilla.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-r256-54f5-47p8: The igb_receive_skb function in drivers/net/igb/igb_main↗2022-05-13

▶

CVEList

CVE-2010-4263: The igb_receive_skb function in drivers/net/igb/igb_main↗2011-01-18

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities (Marvell Dove)↗2011-07-13

▶

Ubuntu

Linux kernel vulnerabilities↗2011-06-01

▶

Red Hat

kernel: igb panics when receiving tag vlan packet↗2010-03-19

▶

💬Community

Bugzilla

CVE-2010-4263 kernel: igb panics when receiving tag vlan packet↗2010-12-06

▶