CVE-2010-2954
Published: 03 September 2010
The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket.
From the Ubuntu security team
Tavis Ormandy discovered that the IRDA subsystem did not correctly shut down. A local attacker could exploit this to cause the system to crash or possibly gain root privileges.
Priority
Medium
Status
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2954
- https://ubuntu.com/security/notices/USN-1000-1
- https://ubuntu.com/security/notices/USN-1074-1
- https://ubuntu.com/security/notices/USN-1074-2
- https://ubuntu.com/security/notices/USN-1083-1
- https://ubuntu.com/security/notices/USN-1093-1
- https://ubuntu.com/security/notices/USN-1119-1
- NVD
- Launchpad
- Debian