CVE-2010-4160

CVSS v2.0 6.9 (Medium)

EPSS 0.04 % (11^th)

Affected Products 5

Advisories 11

Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call.

Weaknesses

CWE-190: Integer Overflow or Wraparound

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2011-01-07 12:00:48
(13 years ago)
Updated Date: 2023-02-13 04:27:32
(19 months ago)

Affected Products

Linux

Linux Kernel

Opensuse

Opensuse

Suse

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 2.6.36.2 version	cpe:2.3:o:linux:linux_kernel		< 2.6.36.2

Configuration #2

		CPE23	From	Up To
	Opensuse 11.2	cpe:2.3:o:opensuse:opensuse:11.2
	Suse Linux Enterprise Desktop 10 SP3	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3
	Suse Linux Enterprise Desktop 11 SP1	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1
	Suse Linux Enterprise Server 9	cpe:2.3:o:suse:linux_enterprise_server:9
	Suse Linux Enterprise Server 10 SP3	cpe:2.3:o:suse:linux_enterprise_server:10:sp3
	Suse Linux Enterprise Server 11 SP1	cpe:2.3:o:suse:linux_enterprise_server:11:sp1
	Suse Linux Enterprise Software Development Kit 10 SP3	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3