CVE-2010-2478

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084.

References

http://article.gmane.org/gmane.linux.network/164869

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=db048b69037e7fa6a7d9e95a1271a50dc08ae233

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.7

http://www.openwall.com/lists/oss-security/2010/06/29/1

http://www.openwall.com/lists/oss-security/2010/06/29/3

http://www.openwall.com/lists/oss-security/2010/06/30/17

http://www.securityfocus.com/bid/41223

http://www.ubuntu.com/usn/USN-1000-1

https://bugzilla.redhat.com/show_bug.cgi?id=608950

Details

Source: MITRE

Published: 2010-09-29

Updated: 2020-08-07

Type: CWE-190

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (7 total)

IDNameProductFamilySeverity
65101Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1083-1)NessusUbuntu Local Security Checks
critical
65103Ubuntu 10.04 LTS / 10.10 : linux-mvl-dove vulnerabilities (USN-1093-1)NessusUbuntu Local Security Checks
high
51610SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 3068 / 3069 / 3070)NessusSuSE Local Security Checks
critical
50044Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : linux, linux-ec2, linux-source-2.6.15 vulnerabilities (USN-1000-1)NessusUbuntu Local Security Checks
critical
49671openSUSE Security Update : kernel (openSUSE-SU-2010:0664-1)NessusSuSE Local Security Checks
critical
47722Fedora 12 : kernel-2.6.32.16-141.fc12 (2010-10880)NessusFedora Local Security Checks
critical
47687Fedora 13 : kernel-2.6.33.6-147.fc13 (2010-10876)NessusFedora Local Security Checks
critical