CVE-2010-2478

NameCVE-2010-2478
DescriptionInteger overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linux-2.6sourcelenny(not affected)
linux-2.6source(unstable)2.6.32-19

Notes

[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
https://bugzilla.redhat.com/show_bug.cgi?id=608950
http://thread.gmane.org/gmane.linux.network/164869

Search for package or bug name: Reporting problems