7.9

CVE-2010-4263

Exploit

The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame.

Data is provided by the National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 2.6.34
VMwareEsx Version3.0.0
VMwareEsx Version3.0.1
VMwareEsx Version3.0.2
VMwareEsx Version3.0.3
VMwareEsx Version3.5
VMwareEsx Version3.5 Updateupdate1
VMwareEsx Version3.5 Updateupdate2
VMwareEsx Version3.5 Updateupdate3
VMwareEsx Version4.0
VMwareEsx Version4.1
VMwareESXi Version3.5
VMwareESXi Version3.5 Update1
VMwareESXi Version4.0
VMwareESXi Version4.0 Update1
VMwareESXi Version4.0 Update2
VMwareESXi Version4.0 Update3
VMwareESXi Version4.0 Update4
VMwareESXi Version4.1
VMwareESXi Version4.1 Update1
VMwareESXi Version4.1 Update2
VMwareESXi Version5.0
VMwareESXi Version5.0 Update1
VMwareESXi Version5.0 Update2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 5.08% 0.888
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.9 5.5 10
AV:A/AC:M/Au:N/C:C/I:C/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://openwall.com/lists/oss-security/2010/12/06/3
Patch
Third Party Advisory
Exploit
Mailing List
http://openwall.com/lists/oss-security/2010/12/06/9
Patch
Third Party Advisory
Exploit
Mailing List
http://www.securityfocus.com/bid/45208
Third Party Advisory
VDB Entry
https://bugzilla.kernel.org/show_bug.cgi?id=15582
Patch
Vendor Advisory
Exploit
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=660188
Patch
Third Party Advisory
Exploit
Issue Tracking