CVE-2010-2495: Null Pointer Dereference
First published: Wed Jun 23 2010(Updated: )
Description of problem: When transmitting L2TP frames, we derive the outgoing interface's UDP checksum hardware assist capabilities from the tunnel dst dev. This can sometimes be NULL, especially when routing protocols are used and routing changes occur. This patch just checks for NULL dst or dev pointers when checking for netdev hardware assist features. BUG: unable to handle kernel NULL pointer dereference at 0000000c IP: [<f89d074c>] pppol2tp_xmit+0x341/0x4da [pppol2tp] *pde = 00000000 Oops: 0000 [#1] SMP last sysfs file: /sys/class/net/lo/operstate Modules linked in: pppol2tp pppox ppp_generic slhc ipv6 dummy loop snd_hda_codec_atihdmi snd_hda_intel snd_hda_codec snd_ [...] Code: 8d 45 08 f0 ff 45 08 89 6b 08 c7 43 68 7e fb 9c f8 8a 45 24 83 e0 0c 3c 04 75 09 80 63 64 f3 e9 b4 00 00 00 8b 43 1 EIP: [<f89d074c>] pppol2tp_xmit+0x341/0x4da [pppol2tp] SS:ESP 0068:f70a9cac CR2: 000000000000000c Introduced in ffcebb16 (v2.6.29-rc1~581), fixed in 3feec909 (fixed in v2.6.34-rc2). Upstream commit: <a href="http://git.kernel.org/linus/ffcebb16">http://git.kernel.org/linus/ffcebb16</a> <a href="http://git.kernel.org/linus/3feec909">http://git.kernel.org/linus/3feec909</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux-2.6 | ||
| Linux Kernel | <2.6.34 | |
| Ubuntu Linux | =6.06 | |
| Ubuntu Linux | =8.04 | |
| Ubuntu Linux | =9.04 | |
| Ubuntu Linux | =9.10 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =10.10 | |
| SUSE Linux Enterprise Desktop | =11-sp1 | |
| SUSE Linux Enterprise High Availability Extension | =11-sp1 | |
| SUSE Linux Enterprise Server | =11-sp1 | |
| Linux kernel | <2.6.34 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=607054
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html
- http://www.ubuntu.com/usn/USN-1000-1
- http://www.openwall.com/lists/oss-security/2010/06/23/3
- http://www.openwall.com/lists/oss-security/2010/07/04/3
- http://www.openwall.com/lists/oss-security/2010/07/04/2
- http://www.openwall.com/lists/oss-security/2010/07/06/11
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3feec9095d12e311b7d4eb7fe7e5dfa75d4a72a5
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34
- https://launchpad.net/bugs/cve/CVE-2010-2495
- http://git.kernel.org/linus/ffcebb16
- http://git.kernel.org/linus/3feec909
- https://security-tracker.debian.org/tracker/CVE-2010-2495
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2495
- https://nvd.nist.gov/vuln/detail/CVE-2010-2495
- https://ubuntu.com/security/CVE-2010-2495
Frequently Asked Questions
What is the severity of CVE-2010-2495?
The severity of CVE-2010-2495 is classified as moderate, affecting the stability of L2TP frame transmission.
What systems are affected by CVE-2010-2495?
CVE-2010-2495 affects various versions of the Linux kernel, Ubuntu Linux, and SUSE Linux Enterprise products.
How do I fix CVE-2010-2495?
The recommended fix for CVE-2010-2495 is to upgrade to an updated version of the affected Linux kernel or relevant distributions.
Is there a workaround for CVE-2010-2495?
Currently, there are no known workarounds for CVE-2010-2495, so applying patches is essential.
When was CVE-2010-2495 disclosed?
CVE-2010-2495 was disclosed in August 2010, highlighting an issue with L2TP frame transmission.
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2495
- agent/author
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/nvd-historical
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/6.06
- version/ubuntu linux/8.04
- version/ubuntu linux/9.04
- version/ubuntu linux/9.10
- version/ubuntu linux/10.04
- version/ubuntu linux/10.10
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/11-sp1
- canonical/suse linux enterprise high availability extension
- version/suse linux enterprise high availability extension/11-sp1
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp1
- canonical/ubuntu
- version/ubuntu/6.06
- version/ubuntu/8.04
- version/ubuntu/9.04
- version/ubuntu/9.10
- version/ubuntu/10.04
- version/ubuntu/10.10