Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2010-5332

Опубликовано: 27 июл. 2019
Источник: redhat
CVSS3: 5.6
EPSS Низкий

Описание

In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access.

An out-of-bounds read flaw was found in the mix4 Linux kernel driver. Registering the last of a VLAN or MAC address with no free entries may cause an out-of-bounds read into the next page of memory, causing a panic if the page is not available. The command can only be executed by a local privileged user with CAP_NET_ADMIN or CAP_SYS_ADMIN capabilities. The largest threat from this vulnerabilty is availability to the system.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelOut of support scope
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernelNot affected
Red Hat Enterprise MRG 2kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1743604kernel: out of bounds array access in drivers/net/mlx4/port.c

EPSS

Процентиль: 29%
0.00105
Низкий

5.6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2010-5332

CVSS3: 5.6
ubuntu
больше 6 лет назад

In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access.

nvd логотип

CVE-2010-5332

CVSS3: 5.6
nvd
больше 6 лет назад

In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access.

debian логотип

CVE-2010-5332

CVSS3: 5.6
debian
больше 6 лет назад

In the Linux kernel before 2.6.37, an out of bounds array access happe ...

github логотип

GHSA-rv5c-3qc2-9cmx

github
больше 3 лет назад

In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access.

EPSS

Процентиль: 29%
0.00105
Низкий

5.6 Medium

CVSS3