CVE-2010-3874 — MEDIUM (4.0)

Q: How severe is CVE-2010-3874?

CVE-2010-3874 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-3874?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Real Time Extension.

Vulnerability Description

Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation.

CVSS Score

4.0

MEDIUM

AV:L/AC:H/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.36.2
Fedoraproject	Fedora	13
Opensuse	Opensuse	11.2
Suse	Linux Enterprise Desktop	11
Suse	Linux Enterprise Real Time Extension	11
Suse	Linux Enterprise Server	11
Debian	Debian Linux	5.0

Related Weaknesses (CWE)

CWE-787

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.hThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2010/11/03/3Mailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2010/11/04/4Mailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2010/12/20/2Mailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2010/12/20/3Mailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2010/12/20/4Mailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2010/12/20/5Mailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2010/12/21/1Mailing ListThird Party Advisory
http://secunia.com/advisories/42745Third Party Advisory
http://secunia.com/advisories/42778Third Party Advisory

FAQ

What is CVE-2010-3874?

CVE-2010-3874 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit pl...

How severe is CVE-2010-3874?

CVE-2010-3874 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-3874?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Real Time Extension.