CVE-2010-2959
PUBLISHED
CVSS 9.3 CRITICAL
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.
EPSS 0.40% · 60.8th percentile
Risk Scores
CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.40%
60.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| suse | linux_enterprise_real_time | 11 |
| debian | debian_linux | 5.0 |
| suse | linux_enterprise_desktop | 11 |
| suse | linux_enterprise_server | 11 |
| suse | linux_enterprise_high_availability_extension | 11 |
| opensuse | opensuse | 11.3 |
| fedoraproject | fedora | 12 |
| linux | linux_kernel | 2.6.32, 2.6.35, 0 |
Exploit Intelligence
- CIRCL seen: CVE-2010-2959 (circl-sighting)
- CIRCL confirmed: CVE-2010-2959 (circl-sighting)
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53 (circl)
- [oss-security] 20100820 kernel: can: add limit for nframes and clean up signed/unsigned variables (circl)
- SUSE-SA:2010:041 (circl)
- ADV-2010-2430 (circl)
- SUSE-SA:2011:007 (circl)
- ADV-2011-0298 (circl)
…and 14 more exploits
Timeline
- Aug 27, 2010 PoC Published
- Sep 8, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- SUSE-SA:2010:041 vendor-advisory
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6 url
- 42585 vdb
- FEDORA-2010-13903 vendor-advisory
- MDVSA-2010:198 vendor-advisory
- SUSE-SA:2010:040 vendor-advisory
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53 url
- ADV-2010-2430 vdb
- SUSE-SA:2011:007 vendor-advisory
- ADV-2011-0298 vdb
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4 url
- DSA-2094 vendor-advisory
- [oss-security] 20100820 kernel: can: add limit for nframes and clean up signed/unsigned variables mailing-list
- https://bugzilla.redhat.com/show_bug.cgi?id=625699 url
- http://jon.oberheide.org/files/i-can-haz-modharden.c url
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21 url
- 41512 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2010-2959 advisory
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5b75c4973ce779520b9d1e392483207d6f842cde url