CVE-2010-3849 — Vulnetix

CVE-2010-3849 PUBLISHED CVSS 4.699999809265137 MEDIUM

The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.

EPSS 0.18% · 39.3th percentile

Risk Scores

CVSS v2.0

4.699999809265137

EPSS Score

0.18%

39.3th percentile

Affected Products

Vendor	Product	Versions
suse	linux_enterprise_software_development_kit	10
suse	linux_enterprise_real_time_extension	11
debian	debian_linux	5.0
suse	linux_enterprise_server	10, 9
n/a	n/a	n/a
canonical	ubuntu_linux	10.04, 6.06, 10.10
suse	linux_enterprise_desktop	10
linux	linux_kernel	0

Timeline

Dec 7, 2010 PoC Published
Dec 8, 2010 PoC Published
Dec 30, 2010 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 17, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

43056 third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=644156 url
20101207 Linux kernel exploit mailing-list
SUSE-SA:2011:007 vendor-advisory
[oss-security] 20101129 kernel: Multiple vulnerabilities in AF_ECONET mailing-list
ADV-2011-0298 vdb
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2 url
MDVSA-2010:257 vendor-advisory
SUSE-SA:2011:005 vendor-advisory
ADV-2011-0375 vdb
USN-1023-1 vendor-advisory
SUSE-SA:2011:008 vendor-advisory
43291 third-party-advisory
ADV-2011-0213 vdb
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96 url
DSA-2126 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2010-3849 advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa0e846494792e722d817b9d3d625a4ef4896c96 url

Open in Interactive Console →