Improper input validation in Linux kernel

1) Improper input validation

EUVDB-ID: #VU92622

Risk: Low

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2010-1173

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation error. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links

https://marc.info/?l=oss-security&m=127251068407878&w=2
https://www.openwall.com/lists/oss-security/2010/04/29/1
https://kbase.redhat.com/faq/docs/DOC-31052
https://www.openwall.com/lists/oss-security/2010/04/29/6
https://bugzilla.redhat.com/show_bug.cgi?id=584645
https://article.gmane.org/gmane.linux.network/159531
https://www.debian.org/security/2010/dsa-2053
https://secunia.com/advisories/39830
https://www.redhat.com/support/errata/RHSA-2010-0474.html
https://secunia.com/advisories/40218
https://www.mandriva.com/security/advisories?name=MDVSA-2010:198
https://www.vmware.com/security/advisories/VMSA-2011-0003.html
https://secunia.com/advisories/43315
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11416
https://www.securityfocus.com/archive/1/516397/100/0/threaded
https://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=5fa782c2f5ef6c2e4f04d3e228412c9b4a4c8809

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.