CVE-2010-4565
kernel: CAN info leak
Descriptions
The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename.
Timeline
- 2010-12-20 CVE Reserved
- 2010-12-29 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (12)
URL | Tag | Source |
---|---|---|
http://openwall.com/lists/oss-security/2010/11/03/3 | Mailing List | |
http://openwall.com/lists/oss-security/2010/11/04/4 | Mailing List | |
http://openwall.com/lists/oss-security/2010/12/20/2 | Mailing List | |
http://openwall.com/lists/oss-security/2010/12/21/1 | Mailing List | |
http://www.securityfocus.com/bid/44661 | Third Party Advisory | |
http://www.spinics.net/lists/netdev/msg145796.html | Mailing List | |
http://www.spinics.net/lists/netdev/msg146468.html | Mailing List | |

URL | Date | SRC |
---|---|---|
http://www.spinics.net/lists/netdev/msg145791.html | 2024-08-07 | |

URL | Date | SRC |
---|---|---|
http://www.spinics.net/lists/netdev/msg146270.html | 2020-08-10 | |

URL | Date | SRC |
---|---|---|
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 | 2020-08-10 | |
https://bugzilla.redhat.com/show_bug.cgi?id=664544 | 2011-05-10 | |
https://access.redhat.com/security/cve/CVE-2010-4565 | 2011-05-10 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | <= 2.6.36 | - | Affected |