CVE-2010-3859

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.36.2 kernel-devel-2.6.9 version kernel-doc-2.6.9 version kernel-hugemem-2.6.9 version kernel-2.6.9 version kernel-largesmp-2.6.9 version kernel-smp-devel-2.6.9 version kernel-smp-2.6.9 version kernel-hugemem-devel-2.6.9 version kernel-largesmp-devel-2.6.9 version

Description The issue is related to multiple vulnerabilities in the Linux kernel, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The vulnerabilities are caused by multiple integer signedness errors in the TIPC implementation in the Linux kernel, allowing local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc msg build function in net/tipc/msg.c and the verify iovec function in net/core/iovec.c.

Recommendations For Linux kernel versions prior to 2.6.36.2, update to version 2.6.36.2 or later to resolve the issue. For kernel-devel-2.6.9, kernel-doc-2.6.9, kernel-hugemem-2.6.9, kernel-2.6.9, kernel-largesmp-2.6.9, kernel-smp-devel-2.6.9, kernel-smp-2.6.9, kernel-hugemem-devel-2.6.9, kernel-largesmp-devel-2.6.9 versions, consider disabling the tipc msg build and verify iovec functions as a temporary workaround until a patch is available. Restrict access to the TIPC implementation to minimize the risk of exploitation.