CVE-2010-4242

kernel: missing tty ops write function presence check in hci_uart_tty_open()

Severity Score

4.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver.

La función hci_uart_tty_open del controlador HCI UART (drivers/bluetooth/hci_ldisc.c) del kernel de Linux 2.6.36, y posiblemente otras versiones, no verifica si el tty tiene una operación de escritura, lo que permite a usuarios locales provocar una denegación de servicio (desreferenciación de puntero a NULL) a través de vectores relacionados con el controlador de Bluetooth.

*Credits: N/A

CVSS Scores

NISTv2 4.0

Attack Vector

Local

Attack Complexity

High

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-11-16 CVE Reserved
2011-01-11 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (21)

URL	Tag	Source
http://secunia.com/advisories/42789	Third Party Advisory
http://secunia.com/advisories/42890	Third Party Advisory
http://secunia.com/advisories/42963	Third Party Advisory
http://secunia.com/advisories/43291	Third Party Advisory
http://secunia.com/advisories/46397	Third Party Advisory
http://www.securityfocus.com/archive/1/520102/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/45014	Vdb Entry
http://www.vmware.com/security/advisories/VMSA-2011-0012.html	X_refsource_confirm
http://www.vupen.com/english/advisories/2011/0024	Vdb Entry
http://www.vupen.com/english/advisories/2011/0168	Vdb Entry
http://www.vupen.com/english/advisories/2011/0375	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/64617	Vdb Entry
https://lkml.org/lkml/2010/10/7/255	Mailing List

URL	Date	SRC
http://xorl.wordpress.com/2010/12/01/cve-2010-4242-linux-kernel-bluetooth-hci-uart-invalid-pointer-access	2024-08-07

URL	Date	SRC
http://git.kernel.org/linus/c19483cc5e56ac5e22dd19cf25ba210ab1537773	2018-10-10
https://bugzilla.redhat.com/show_bug.cgi?id=641410	2011-03-10

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html	2018-10-10
http://www.redhat.com/support/errata/RHSA-2011-0004.html	2018-10-10
http://www.redhat.com/support/errata/RHSA-2011-0007.html	2018-10-10
http://www.redhat.com/support/errata/RHSA-2011-0162.html	2018-10-10
https://access.redhat.com/security/cve/CVE-2010-4242	2011-03-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.36 Search vendor "Linux" for product "Linux Kernel" and version "2.6.36"		-		Affected