PT-2010-1038 · Linux+1 · Linux Kernel+1

Tavis Ormandy · Published 2010-08-20 · Updated 2024-06-15 · CVE-2010-2954

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

drbd-kmp-default versions (affected versions not specified)
Linux kernel versions prior to 2.6.36-rc3-next-20100901

Description

The issue affects the drbd-kmp-default package in openSUSE and the Linux kernel, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Exploitation can occur locally. In the Linux kernel, the irda_bind function does not properly handle the failure of the irda_open_tsap function, allowing local users to cause a denial of service via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket, such as /dev/irda.

Recommendations

For drbd-kmp-default, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Linux kernel versions prior to 2.6.36-rc3-next-20100901, update to version 2.6.36-rc3-next-20100901 or later to resolve the issue. As a temporary workaround, consider restricting access to the AF_IRDA socket to minimize the risk of exploitation.

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2015-05302
CVE-2010-2954
DSA-2110-1
OPENSUSE-SU-2024:10128-1

Affected Products

Linux Kernel
Drbd-Kmp-Default