CVE-2010-2959
Published: 19 August 2010
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.
From the Ubuntu Security Team
Ben Hawkes discovered an integer overflow in the Controller Area Network
Notes
Author | Note |
---|---|
smb | File bcm.c does not exist in Hardy and before. |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Not vulnerable
|
|
jaunty |
Released
(2.6.28-19.64)
|
|
karmic |
Released
(2.6.31-22.63)
|
|
lucid |
Released
(2.6.32-24.41)
|
|
maverick |
Released
(2.6.35-18.24)
|
|
upstream |
Released
(2.6.36~rc1)
|
|
Patches: vendor: http://www.spinics.net/lists/netdev/msg137652.html upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5b75c4973ce779520b9d1e392483207d6f842cde jaunty: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-2959/patches/jaunty/linux/0001-can-add-limit-for-nframes-and-clean-up-signed-unsigned.txt karmic: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-2959/patches/karmic/linux/0001-can-add-limit-for-nframes-and-clean-up-signed-unsigned.txt lucid: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-2959/patches/lucid/linux/0001-can-add-limit-for-nframes-and-clean-up-signed-unsigned.txt |
||
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Released
(2.6.31-307.17)
|
|
lucid |
Released
(2.6.32-308.15)
|
|
maverick |
Ignored
(end of life)
|
|
upstream |
Released
(2.6.36~rc1)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Released
(2.6.31-112.30)
|
|
lucid |
Released
(2.6.31-608.19)
|
|
maverick |
Does not exist
|
|
upstream |
Released
(2.6.36~rc1)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Released
(2.6.31-214.30)
|
|
lucid |
Released
(2.6.32-208.24)
|
|
maverick |
Not vulnerable
|
|
upstream |
Released
(2.6.36~rc1)
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
hardy |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
upstream |
Released
(2.6.36~rc1)
|