CVE-2010-4242

Severity

40%

Complexity

19%

Confidentiality

115%

Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver.

Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

CVSS 2.0 Base Score 4. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (AV:L/AC:H/Au:N/C:N/I:N/A:C).

Overview

First reported 14 years ago

2011-01-11 03:00:00

Last updated 6 years ago

2018-10-10 20:07:00

Affected Software

Linux Kernel 2.6.36

2.6.36

References

http://git.kernel.org/linus/c19483cc5e56ac5e22dd19cf25ba210ab1537773

Patch

SUSE-SA:2011:008

42789

42890

42963

43291

46397

RHSA-2011:0004

RHSA-2011:0007

RHSA-2011:0162

20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console

45014

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

ADV-2011-0024

ADV-2011-0168

ADV-2011-0375

http://xorl.wordpress.com/2010/12/01/cve-2010-4242-linux-kernel-bluetooth-hci-uart-invalid-pointer-access/

Exploit, Patch

https://bugzilla.redhat.com/show_bug.cgi?id=641410

Patch

kernel-hciuartttyopen-dos(64617)

[linux-kernel] 20101007 Peculiar stuff in hci_ath3k/badness in hci_uart

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.