CVE-2010-2959
HIGH severity · CVSS 7.2 · Integer overflow
7.2CVSS HIGH
Summary
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.
Impact & exploitability
Attack vectorLocal
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)4%
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.htmlAdvisory
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.htmlAdvisory
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.htmlAdvisory
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlAdvisory
- http://secunia.com/advisories/41512
- http://www.debian.org/security/2010/dsa-2094Advisory
- http://jon.oberheide.org/files/i-can-haz-modharden.cAdvisory