CVE-2010-5332 - OpenCVE

In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0926f91083f34d047abc74f1ca4fa6a9c161f7db
https://github.com/torvalds/linux/commit/0926f91083f34d047abc74f1ca4fa6a9c161f7db
https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37
https://nvd.nist.gov/vuln/detail/CVE-2010-5332
https://support.f5.com/csp/article/K04146019
https://support.f5.com/csp/article/K04146019?utm_source=f5support&amp%3Butm_medium=RSS
https://www.cve.org/CVERecord?id=CVE-2010-5332

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-27T21:38:33

Updated: 2024-08-07T04:17:10.184Z

Reserved: 2019-07-27T00:00:00

Link: CVE-2010-5332

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-27T22:15:11.150

Modified: 2023-11-07T02:06:38.380

Link: CVE-2010-5332

Redhat

Severity : Moderate

Publid Date: 2019-07-27T00:00:00Z

Links: CVE-2010-5332 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-09T19:06:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/0926f91083f34d047abc74f1ca4fa6a9c161f7db"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0926f91083f34d047abc74f1ca4fa6a9c161f7db"}, {"tags": ["x_refsource_MISC"], "url": "https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K04146019"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K04146019?utm_source=f5support&amp%3Butm_medium=RSS"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-5332", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/torvalds/linux/commit/0926f91083f34d047abc74f1ca4fa6a9c161f7db", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/0926f91083f34d047abc74f1ca4fa6a9c161f7db"}, {"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0926f91083f34d047abc74f1ca4fa6a9c161f7db", "refsource": "MISC", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0926f91083f34d047abc74f1ca4fa6a9c161f7db"}, {"name": "https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37", "refsource": "MISC", "url": "https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"}, {"name": "https://support.f5.com/csp/article/K04146019", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K04146019"}, {"name": "https://support.f5.com/csp/article/K04146019?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K04146019?utm_source=f5support&utm_medium=RSS"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:17:10.184Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/0926f91083f34d047abc74f1ca4fa6a9c161f7db"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0926f91083f34d047abc74f1ca4fa6a9c161f7db"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K04146019"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K04146019?utm_source=f5support&amp%3Butm_medium=RSS"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-5332", "datePublished": "2019-07-27T21:38:33", "dateReserved": "2019-07-27T00:00:00", "dateUpdated": "2024-08-07T04:17:10.184Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "76630B45-B590-4651-972E-F938A83010C0", "versionEndExcluding": "2.6.37", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access."}, {"lang": "es", "value": "En el kernel de Linux anterior a versi\u00f3n 2.6.37, se produjo un acceso a la matriz fuera de l\u00edmites en el archivo drivers/net/mlx4/port.c. Cuando se busca una entrada liberada en cualquiera de las funciones mlx4_register_vlan() o mlx4_register_mac(), y no se presenta ninguna entrada liberada, el bucle termina sin actualizar la liberaci\u00f3n de la variable local, lo que causa un acceso fuera de l\u00edmites de la matriz."}], "id": "CVE-2010-5332", "lastModified": "2023-11-07T02:06:38.380", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-27T22:15:11.150", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0926f91083f34d047abc74f1ca4fa6a9c161f7db"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/0926f91083f34d047abc74f1ca4fa6a9c161f7db"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K04146019"}, {"source": "cve@mitre.org", "url": "https://support.f5.com/csp/article/K04146019?utm_source=f5support&amp%3Butm_medium=RSS"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: out of bounds array access in drivers/net/mlx4/port.c", "id": "1743604", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743604"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access.", "An out-of-bounds read flaw was found in the mix4 Linux kernel driver. Registering the last of a VLAN or MAC address with no free entries may cause an out-of-bounds read into the next page of memory, causing a panic if the page is not available. The command can only be executed by a local privileged user with CAP_NET_ADMIN or CAP_SYS_ADMIN capabilities. The largest threat from this vulnerabilty is availability to the system."], "name": "CVE-2010-5332", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise MRG 2"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2019-07-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-5332\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-5332"], "threat_severity": "Moderate"}