PT-2010-5680 · Linux+1 · Linux Kernel+2
Dan Rosenberg · Published 1970-01-01 · Updated 2024-06-15 · CVE-2010-3310
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
SUSE Linux Enterprise kernel-vmipae-debuginfo versions (affected versions not specified)
SUSE Linux Enterprise kernel-kdumppae-debuginfo versions (affected versions not specified)
openSUSE drbd-kmp-default versions (affected versions not specified)
Linux kernel versions prior to 2.6.36-rc5-next-20100923
Description
The issue involves multiple vulnerabilities in various packages of SUSE Linux Enterprise and openSUSE operating systems, as well as the Linux kernel. These vulnerabilities can be exploited to disrupt the confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely in the case of kernel-vmipae-debuginfo and kernel-kdumppae-debuginfo packages, while the drbd-kmp-default package vulnerability can be exploited locally. The Linux kernel vulnerability is related to integer signedness errors in the net/rose/af_rose.c file, allowing local users to cause a denial of service or possibly have other unspecified impacts via the rose_getname function call, related to the rose_bind and rose_connect functions.
Recommendations
For SUSE Linux Enterprise kernel-vmipae-debuginfo, consider restricting access to sensitive information until a patch is available.
For SUSE Linux Enterprise kernel-kdumppae-debuginfo, restrict remote access to minimize the risk of exploitation.
For openSUSE drbd-kmp-default, consider disabling the package temporarily to prevent local exploitation.
For Linux kernel versions prior to 2.6.36-rc5-next-20100923, update to a version after 2.6.36-rc5-next-20100923 to resolve the issue.
At the moment, there is no information about a newer version that contains a fix for the SUSE Linux Enterprise kernel-vmipae-debuginfo, kernel-kdumppae-debuginfo, and openSUSE drbd-kmp-default vulnerabilities.
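The Linux kernel issue above is described as an integer signedness error. As an added illustration of that bug class (a simplified model written for this page, not the code from net/rose/af_rose.c; the struct names, field names and the MAX_DIGIS bound are assumptions), the following C contrasts a signed upper-bound check with an unsigned one:

```c
#include <stdio.h>
#include <string.h>

#define MAX_DIGIS 6                 /* assumed bound for this model */

struct addr_req {                   /* hypothetical caller-supplied address */
    int ndigis;                     /* signed element count */
    unsigned char digis[MAX_DIGIS];
};

struct sock_state {                 /* hypothetical per-socket state */
    int ndigis;
    unsigned char digis[MAX_DIGIS];
};

/* Weak form: signed comparison, so a negative count passes the bound check. */
int bind_unchecked(struct sock_state *s, const struct addr_req *a)
{
    if (a->ndigis > MAX_DIGIS)
        return -1;
    s->ndigis = a->ndigis;          /* negative value is stored as valid state */
    return 0;
}

/* Hardened form: unsigned comparison rejects negative and oversized counts. */
int bind_checked(struct sock_state *s, const struct addr_req *a)
{
    if ((unsigned int)a->ndigis > MAX_DIGIS)
        return -1;
    s->ndigis = a->ndigis;
    memcpy(s->digis, a->digis, (size_t)a->ndigis);
    return 0;
}

/* Length a later reader would use if it trusts the stored count (no copy is done here). */
size_t trusted_copy_len(const struct sock_state *s)
{
    return (size_t)s->ndigis;
}

int main(void)
{
    struct sock_state s = {0};
    struct addr_req bad = { .ndigis = -1 };   /* constructed input */
    int r = bind_unchecked(&s, &bad);
    printf("unchecked=%d len=%zu\n", r, trusted_copy_len(&s));
    printf("checked=%d\n", bind_checked(&s, &bad));
    return 0;
}
```

The validation belongs where the count is accepted, because every later consumer of the stored state inherits whatever the setter let through.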
Fix
Information Disclosure
Related Identifiers
Affected Products
Linux Kernel
SUSE Linux Enterprise
openSUSE