ID CVE-2010-4242
Summary The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.6.36:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.36:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 10-10-2018 - 20:07)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:H/Au:N/C:N/I:N/A:C
redhat via4
advisories
  • rhsa
    id RHSA-2011:0004
  • rhsa
    id RHSA-2011:0007
  • rhsa
    id RHSA-2011:0162
rpms
  • kernel-0:2.6.18-194.32.1.el5
  • kernel-PAE-0:2.6.18-194.32.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-194.32.1.el5
  • kernel-PAE-devel-0:2.6.18-194.32.1.el5
  • kernel-debug-0:2.6.18-194.32.1.el5
  • kernel-debug-debuginfo-0:2.6.18-194.32.1.el5
  • kernel-debug-devel-0:2.6.18-194.32.1.el5
  • kernel-debuginfo-0:2.6.18-194.32.1.el5
  • kernel-debuginfo-common-0:2.6.18-194.32.1.el5
  • kernel-devel-0:2.6.18-194.32.1.el5
  • kernel-doc-0:2.6.18-194.32.1.el5
  • kernel-headers-0:2.6.18-194.32.1.el5
  • kernel-kdump-0:2.6.18-194.32.1.el5
  • kernel-kdump-debuginfo-0:2.6.18-194.32.1.el5
  • kernel-kdump-devel-0:2.6.18-194.32.1.el5
  • kernel-xen-0:2.6.18-194.32.1.el5
  • kernel-xen-debuginfo-0:2.6.18-194.32.1.el5
  • kernel-xen-devel-0:2.6.18-194.32.1.el5
  • kernel-0:2.6.32-71.14.1.el6
  • kernel-bootwrapper-0:2.6.32-71.14.1.el6
  • kernel-debug-0:2.6.32-71.14.1.el6
  • kernel-debug-debuginfo-0:2.6.32-71.14.1.el6
  • kernel-debug-devel-0:2.6.32-71.14.1.el6
  • kernel-debuginfo-0:2.6.32-71.14.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-71.14.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-71.14.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-71.14.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-71.14.1.el6
  • kernel-devel-0:2.6.32-71.14.1.el6
  • kernel-doc-0:2.6.32-71.14.1.el6
  • kernel-firmware-0:2.6.32-71.14.1.el6
  • kernel-headers-0:2.6.32-71.14.1.el6
  • kernel-kdump-0:2.6.32-71.14.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-71.14.1.el6
  • kernel-kdump-devel-0:2.6.32-71.14.1.el6
  • perf-0:2.6.32-71.14.1.el6
  • kernel-0:2.6.9-89.35.1.EL
  • kernel-debuginfo-0:2.6.9-89.35.1.EL
  • kernel-devel-0:2.6.9-89.35.1.EL
  • kernel-doc-0:2.6.9-89.35.1.EL
  • kernel-hugemem-0:2.6.9-89.35.1.EL
  • kernel-hugemem-devel-0:2.6.9-89.35.1.EL
  • kernel-largesmp-0:2.6.9-89.35.1.EL
  • kernel-largesmp-devel-0:2.6.9-89.35.1.EL
  • kernel-smp-0:2.6.9-89.35.1.EL
  • kernel-smp-devel-0:2.6.9-89.35.1.EL
  • kernel-xenU-0:2.6.9-89.35.1.EL
  • kernel-xenU-devel-0:2.6.9-89.35.1.EL
  • kernel-rt-0:2.6.33.7-rt29.55.el5rt
  • kernel-rt-debug-0:2.6.33.7-rt29.55.el5rt
  • kernel-rt-debug-debuginfo-0:2.6.33.7-rt29.55.el5rt
  • kernel-rt-debug-devel-0:2.6.33.7-rt29.55.el5rt
  • kernel-rt-debuginfo-0:2.6.33.7-rt29.55.el5rt
  • kernel-rt-debuginfo-common-0:2.6.33.7-rt29.55.el5rt
  • kernel-rt-devel-0:2.6.33.7-rt29.55.el5rt
  • kernel-rt-doc-0:2.6.33.7-rt29.55.el5rt
  • kernel-rt-trace-0:2.6.33.7-rt29.55.el5rt
  • kernel-rt-trace-debuginfo-0:2.6.33.7-rt29.55.el5rt
  • kernel-rt-trace-devel-0:2.6.33.7-rt29.55.el5rt
  • kernel-rt-vanilla-0:2.6.33.7-rt29.55.el5rt
  • kernel-rt-vanilla-debuginfo-0:2.6.33.7-rt29.55.el5rt
  • kernel-rt-vanilla-devel-0:2.6.33.7-rt29.55.el5rt
  • perf-0:2.6.33.7-rt29.55.el5rt
  • perf-debuginfo-0:2.6.33.7-rt29.55.el5rt
refmap via4
bid 45014
bugtraq 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
confirm
misc http://xorl.wordpress.com/2010/12/01/cve-2010-4242-linux-kernel-bluetooth-hci-uart-invalid-pointer-access/
mlist [linux-kernel] 20101007 Peculiar stuff in hci_ath3k/badness in hci_uart
secunia
  • 42789
  • 42890
  • 42963
  • 43291
  • 46397
suse SUSE-SA:2011:008
vupen
  • ADV-2011-0024
  • ADV-2011-0168
  • ADV-2011-0375
xf kernel-hciuartttyopen-dos(64617)
Last major update 10-10-2018 - 20:07
Published 11-01-2011 - 03:00
Last modified 10-10-2018 - 20:07
Back to Top