#VU95195 Resource management errors in Linux kernel - CVE-2010-1086

Cybersecurity Help s.r.o.

Published: 2010-04-07 | Updated: 2018-11-16

Vulnerability identifier: #VU95195

Vulnerability risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2010-1086

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management errors error within the dvb_net_ule() function in drivers/media/dvb/dvb-core/dvb_net.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=29e1fa3565a7951cc415c634eb2b78dbdbee151d
https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html
https://secunia.com/advisories/39649
https://secunia.com/advisories/39742
https://secunia.com/advisories/39830
https://secunia.com/advisories/43315
https://support.avaya.com/css/P8/documents/100088287
https://support.avaya.com/css/P8/documents/100090459
https://www.debian.org/security/2010/dsa-2053
https://www.novell.com/linux/security/advisories/2010_23_kernel.html
https://www.openwall.com/lists/oss-security/2010/03/01/1
https://www.redhat.com/support/errata/RHSA-2010-0394.html
https://www.redhat.com/support/errata/RHSA-2010-0398.html
https://www.securityfocus.com/archive/1/516397/100/0/threaded
https://www.securityfocus.com/bid/38479
https://www.vmware.com/security/advisories/VMSA-2011-0003.html
https://bugzilla.redhat.com/show_bug.cgi?id=569237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10569

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Resource management errors in Linux kernel dvb dvb-core driver