CVE-2010-4343 — Improper Initialization in Kernel

CWE-665 — Improper Initialization8 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 77.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Vmware ESX

Timeline

PublishedDec 29

Latest updateMay 13

Description

drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlinux/linux_kernel< 2.6.35

▶NVDvmware/esx4.0, 4.1+1

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: www.spinics.net ↗

🔴Vulnerability Details

GHSA

GHSA-6fq2-2mw9-3j26: drivers/scsi/bfa/bfa_core↗2022-05-13

▶

CVEList

CVE-2010-4343: drivers/scsi/bfa/bfa_core↗2010-12-29

▶

📋Vendor Advisories

Ubuntu

Linux Kernel vulnerabilities (Marvell Dove)↗2011-03-25

▶

Ubuntu

Linux kernel vulnerabilities↗2011-03-02

▶

Ubuntu

Linux kernel vulnerabilities↗2011-03-01

▶

Red Hat

kernel: bfa driver sysfs crash↗2010-05-21

▶

💬Community

Bugzilla

CVE-2010-4343 kernel: bfa driver sysfs crash↗2010-12-08

▶