ID CVE-2010-3874
Summary Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*
    cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*
  • cpe:2.3:o:linux:linux_kernel:2.6.36:*:*:*:*:*:x64:*
    cpe:2.3:o:linux:linux_kernel:2.6.36:*:*:*:*:*:x64:*
  • cpe:2.3:o:linux:linux_kernel:2.6.36.1:*:*:*:*:*:x64:*
    cpe:2.3:o:linux:linux_kernel:2.6.36.1:*:*:*:*:*:x64:*
  • cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 14-08-2020 - 16:30)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:H/Au:N/C:N/I:N/A:C
redhat via4
advisories
  • rhsa
    id RHSA-2010:0958
  • rhsa
    id RHSA-2011:0007
rpms
  • kernel-rt-0:2.6.33.7-rt29.47.el5rt
  • kernel-rt-debug-0:2.6.33.7-rt29.47.el5rt
  • kernel-rt-debug-debuginfo-0:2.6.33.7-rt29.47.el5rt
  • kernel-rt-debug-devel-0:2.6.33.7-rt29.47.el5rt
  • kernel-rt-debuginfo-0:2.6.33.7-rt29.47.el5rt
  • kernel-rt-debuginfo-common-0:2.6.33.7-rt29.47.el5rt
  • kernel-rt-devel-0:2.6.33.7-rt29.47.el5rt
  • kernel-rt-doc-0:2.6.33.7-rt29.47.el5rt
  • kernel-rt-trace-0:2.6.33.7-rt29.47.el5rt
  • kernel-rt-trace-debuginfo-0:2.6.33.7-rt29.47.el5rt
  • kernel-rt-trace-devel-0:2.6.33.7-rt29.47.el5rt
  • kernel-rt-vanilla-0:2.6.33.7-rt29.47.el5rt
  • kernel-rt-vanilla-debuginfo-0:2.6.33.7-rt29.47.el5rt
  • kernel-rt-vanilla-devel-0:2.6.33.7-rt29.47.el5rt
  • perf-0:2.6.33.7-rt29.47.el5rt
  • perf-debuginfo-0:2.6.33.7-rt29.47.el5rt
  • kernel-0:2.6.32-71.14.1.el6
  • kernel-bootwrapper-0:2.6.32-71.14.1.el6
  • kernel-debug-0:2.6.32-71.14.1.el6
  • kernel-debug-debuginfo-0:2.6.32-71.14.1.el6
  • kernel-debug-devel-0:2.6.32-71.14.1.el6
  • kernel-debuginfo-0:2.6.32-71.14.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-71.14.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-71.14.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-71.14.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-71.14.1.el6
  • kernel-devel-0:2.6.32-71.14.1.el6
  • kernel-doc-0:2.6.32-71.14.1.el6
  • kernel-firmware-0:2.6.32-71.14.1.el6
  • kernel-headers-0:2.6.32-71.14.1.el6
  • kernel-kdump-0:2.6.32-71.14.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-71.14.1.el6
  • kernel-kdump-devel-0:2.6.32-71.14.1.el6
  • perf-0:2.6.32-71.14.1.el6
refmap via4
confirm
debian DSA-2126
fedora FEDORA-2010-18983
mandriva MDVSA-2011:029
mlist
  • [netdev] 20101102 [SECURITY] CAN info leak/minor heap overflow
  • [netdev] 20101110 can-bcm: fix minor heap overflow
  • [oss-security] 20101103 CVE request: kernel: CAN information leak
  • [oss-security] 20101104 Re: CVE request: kernel: CAN information leak
  • [oss-security] 20101220 CVE request: kernel: CAN information leak, 2nd attempt
  • [oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt
secunia
  • 42745
  • 42778
  • 42801
  • 42890
  • 42932
suse
  • SUSE-SA:2011:001
  • SUSE-SA:2011:002
  • SUSE-SA:2011:004
  • SUSE-SA:2011:007
vupen
  • ADV-2010-3321
  • ADV-2011-0012
  • ADV-2011-0124
  • ADV-2011-0298
Last major update 14-08-2020 - 16:30
Published 29-12-2010 - 18:00
Last modified 14-08-2020 - 16:30
Back to Top