CVE-2010-2959
Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - 'CAN BCM' Local Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.
Desbordamiento de enterno en net/can/bcm en la implementación Controller Area Network (CAN) del kernel de Linux anterior a v2.6.27.53, v2.6.32.x anterior a v2.6.32.21, v2.6.34.x anterior a v2.6.34.6, y v2.6.35.x anterior a v2.6.35.4, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de sistema) a través de tráfico CAN manipulado.
Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory manager did not properly handle when applications grow stacks into adjacent memory regions. A local attacker could exploit this to gain control of certain applications, potentially leading to privilege escalation, as demonstrated in attacks against the X server. Kees Cook discovered that under certain situations the ioctl subsystem for DRM did not properly sanitize its arguments. A local attacker could exploit this to read previously freed kernel memory, leading to a loss of privacy. Ben Hawkes discovered an integer overflow in the Controller Area Network (CAN) subsystem when setting up frame content and filtering certain messages. An attacker could send specially crafted CAN traffic to crash the system or gain root privileges.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-08-04 CVE Reserved
- 2010-08-20 CVE Published
- 2010-08-27 First Exploit
- 2024-08-07 CVE Updated
- 2025-07-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde | X_refsource_confirm | |
| http://secunia.com/advisories/41512 | Broken Link | |
| http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53 | Broken Link | |
| http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21 | Broken Link | |
| http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6 | Broken Link | |
| http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4 | Broken Link | |
| http://www.openwall.com/lists/oss-security/2010/08/20/2 | Mailing List |
|
| http://www.vupen.com/english/advisories/2010/2430 | Broken Link | |
| http://www.vupen.com/english/advisories/2011/0298 | Broken Link |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/93242 | 2010-08-28 | |
| https://www.exploit-db.com/exploits/14814 | 2010-08-27 | |
| http://jon.oberheide.org/files/i-can-haz-modharden.c | 2024-08-07 | |
| http://www.securityfocus.com/bid/42585 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=625699 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 2.6.27.53 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.27.53" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.32 < 2.6.32.21 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.32 < 2.6.32.21" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.34 < 2.6.34.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 2.6.34.6" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.35 < 2.6.35.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.35 < 2.6.35.4" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 12 Search vendor "Fedoraproject" for product "Fedora" and version "12" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 5.0 Search vendor "Debian" for product "Debian Linux" and version "5.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.3 Search vendor "Opensuse" for product "Opensuse" and version "11.3" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop" | 11 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "11" | sp1 |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise High Availability Extension Search vendor "Suse" for product "Linux Enterprise High Availability Extension" | 11 Search vendor "Suse" for product "Linux Enterprise High Availability Extension" and version "11" | sp1 |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Real Time Search vendor "Suse" for product "Linux Enterprise Real Time" | 11 Search vendor "Suse" for product "Linux Enterprise Real Time" and version "11" | sp1 |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11" | sp1 |
Affected
| ||||||