Vulnerability Description
In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 2.6.37 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0926fPatchVendor Advisory
- https://github.com/torvalds/linux/commit/0926f91083f34d047abc74f1ca4fa6a9c161f7dPatchThird Party Advisory
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37Broken Link
- https://support.f5.com/csp/article/K04146019Third Party Advisory
- https://support.f5.com/csp/article/K04146019?utm_source=f5support&%3Butm_medi
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0926fPatchVendor Advisory
- https://github.com/torvalds/linux/commit/0926f91083f34d047abc74f1ca4fa6a9c161f7dPatchThird Party Advisory
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37Broken Link
- https://support.f5.com/csp/article/K04146019Third Party Advisory
- https://support.f5.com/csp/article/K04146019?utm_source=f5support&%3Butm_medi
FAQ
What is CVE-2010-5332?
CVE-2010-5332 is a vulnerability with a CVSS score of 5.6 (MEDIUM). In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there i...
How severe is CVE-2010-5332?
CVE-2010-5332 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-5332?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.