CVE-2010-4342 — NULL Pointer Dereference in Kernel

CWE-476 — NULL Pointer Dereference14 documents7 sources

Severity

7.1HIGHNVD

EPSS

1.7%

top 17.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Suse Linux Enterprise Server

Timeline

PublishedDec 30

Latest updateMay 13

Description

The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

▶NVDlinux/linux_kernel< 2.6.37+1

▶NVDsuse/linux_enterprise_server9

Patches

Patch: marc.info ↗Patch: openwall.com ↗Patch: marc.info ↗

🔴Vulnerability Details

GHSA

GHSA-m73j-97v7-6695: The aun_incoming function in net/econet/af_econet↗2022-05-13

▶

CVEList

CVE-2010-4342: The aun_incoming function in net/econet/af_econet↗2010-12-30

▶

💥Exploits & PoCs

Exploit-DB

WordPress Plugin BackWPup - Remote Code Execution / Local Code Execution↗2011-03-28

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Maverick backport) vulnerabilities↗2011-08-09

▶

Ubuntu

Linux kernel vulnerabilities (Marvell Dove)↗2011-07-13

▶

Ubuntu

Linux kernel vulnerabilities (i.MX51)↗2011-07-06

▶

Ubuntu

Linux kernel vulnerabilities↗2011-06-01

▶

Ubuntu

Linux kernel vulnerabilities↗2011-05-24

▶

💬Community

Bugzilla

CVE kernel non-issue statements↗2010-05-13

▶