NULL pointer dereference in Linux kernel

Published: 2010-03-24 | Updated: 2024-07-03

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2010-0437
CWE-ID	CWE-476
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU93715

Risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2010-0437

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links

https://www.openwall.com/lists/oss-security/2010/02/11/1
https://bugzilla.kernel.org/show_bug.cgi?id=11469
https://bugzilla.redhat.com/show_bug.cgi?id=563781
https://www.openwall.com/lists/oss-security/2010/03/04/4
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27
https://www.redhat.com/support/errata/RHSA-2010-0161.html
https://www.redhat.com/support/errata/RHSA-2010-0147.html
https://secunia.com/advisories/39033
https://www.vmware.com/security/advisories/VMSA-2011-0003.html
https://secunia.com/advisories/43315
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10061
https://www.securityfocus.com/archive/1/516397/100/0/threaded
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e550dfb0c2c31b6363aa463a035fc9f8dcaa3c9b

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.