CVE-2010-3874
Bug #710680 reported by Andy Whitcroft
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | Low | Andy Whitcroft |
Dapper | Invalid | Low | Andy Whitcroft |
Hardy | Invalid | Low | Andy Whitcroft |
Karmic | Fix Released | Low | Andy Whitcroft |
Lucid | Fix Released | Low | Andy Whitcroft |
Maverick | Fix Released | Low | Andy Whitcroft |
Natty | Fix Released | Low | Andy Whitcroft |
linux-fsl-imx51 (Ubuntu) | Invalid | Undecided | Unassigned |
Dapper | Invalid | Undecided | Unassigned |
Hardy | Invalid | Undecided | Unassigned |
Karmic | Won't Fix | Undecided | Unassigned |
Lucid | Fix Released | Undecided | Paolo Pisati |
Maverick | Invalid | Undecided | Unassigned |
Natty | Invalid | Undecided | Unassigned |
Bug Description
Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c
(aka the Broadcast Manager) in the Controller Area Network (CAN)
implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms
might allow local users to cause a denial of service (memory corruption)
via a connect operation.
CVE References
- 2010-0435
- 2010-3448
- 2010-3698
- 2010-3859
- 2010-3865
- 2010-3873
- 2010-3874
- 2010-3875
- 2010-3876
- 2010-3877
- 2010-3880
- 2010-4074
- 2010-4076
- 2010-4077
- 2010-4078
- 2010-4079
- 2010-4080
- 2010-4081
- 2010-4082
- 2010-4083
- 2010-4157
- 2010-4160
- 2010-4164
- 2010-4165
- 2010-4169
- 2010-4248
- 2010-4258
- 2010-4342
- 2010-4346
- 2010-4527
- 2010-4529
- 2010-4565
- 2010-4656
- 2011-0463
- 2011-0521
- 2011-0695
- 2011-0711
- 2011-0712
- 2011-1017
Changed in linux (Ubuntu Karmic):
status: New → In Progress
assignee: nobody → Andy Whitcroft (apw)
Changed in linux (Ubuntu Karmic):
status: In Progress → Fix Committed
tags: added: kernel-cve-tracking-bug removed: kernel-cve-tracker
The commit below is the upstream fix for this:
commit 0597d1b99fcfc2c0eada09a698f85ed413d4ba84
Author: Oliver Hartkopp <email address hidden>
Date: Wed Nov 10 12:10:30 2010 +0000
can-bcm: fix minor heap overflow
On 64-bit platforms the ASCII representation of a pointer may be up to 17
bytes long. This patch increases the length of the buffer accordingly.
http://marc.info/?l=linux-netdev&m=128872251418192&w=2
Reported-by: Dan Rosenberg <email address hidden>
Signed-off-by: Oliver Hartkopp <email address hidden>
CC: Linus Torvalds <email address hidden>
Signed-off-by: David S. Miller <email address hidden>
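The sizing problem the commit message describes, as an added userspace example (not code from the kernel or from this bug report): a buffer sized for a 32-bit pointer string is too small on 64-bit, and bounded formatting detects the shortfall instead of writing past the end. The helper names, the 9-byte legacy size and the fixed-width hex format are assumptions of this example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes needed for a pointer printed as fixed-width hex (this example's
 * stand-in for pointer formatting) plus NUL: 9 on 32-bit, 17 on 64-bit. */
#define PTR_HEX_DIGITS (2 * sizeof(void *))
#define PTR_STR_SIZE   (PTR_HEX_DIGITS + 1)

/* A size that is only correct when pointers are 32 bits wide (assumed here
 * to illustrate the class of mistake; not quoted from the kernel source). */
#define LEGACY_32BIT_SIZE 9

/* Format ptr into dst (capacity cap) with bounded output.
 * Returns 0 if the whole string fit, -1 if it had to be truncated. */
int format_ptr(char *dst, size_t cap, const void *ptr)
{
    int need = snprintf(dst, cap, "%0*" PRIxPTR,
                        (int)PTR_HEX_DIGITS, (uintptr_t)ptr);
    if (need < 0 || (size_t)need >= cap)
        return -1;
    return 0;
}

/* How many bytes an unbounded sprintf() would write past a buffer of
 * size cap when formatting ptr (0 means it fits). */
size_t overflow_bytes(size_t cap, const void *ptr)
{
    int need = snprintf(NULL, 0, "%0*" PRIxPTR,
                        (int)PTR_HEX_DIGITS, (uintptr_t)ptr);
    size_t total = (size_t)need + 1;   /* include the terminating NUL */
    return total > cap ? total - cap : 0;
}

int main(void)
{
    int obj;                       /* any object; only its address matters */
    char small[LEGACY_32BIT_SIZE];
    char sized[PTR_STR_SIZE];

    printf("needed=%zu legacy=%d overflow=%zu\n", PTR_STR_SIZE,
           LEGACY_32BIT_SIZE, overflow_bytes(sizeof small, &obj));
    printf("legacy buffer: %s\n",
           format_ptr(small, sizeof small, &obj) ? "truncated" : "ok");
    printf("sized buffer:  %s (%s)\n",
           format_ptr(sized, sizeof sized, &obj) ? "truncated" : "ok", sized);
    return 0;
}
```

Deriving the buffer size from `sizeof(void *)` keeps it correct on both word sizes, and checking the `snprintf` return value turns any remaining mismatch into a handled error.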