CVE-2010-2955
CVE-2010-2955 is a low-severity vulnerability in Linux Linux Kernel with a CVSS 2.0 base score of 2.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-193.
Key facts
- Severity: Low (CVSS 2.0 base score 2.1)
- EPSS exploit prediction: 0% (33rd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-193
- Affected product: Linux Linux Kernel
- Published:
- Last modified:
Description
The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.
Frequently asked questions
- What is CVE-2010-2955?
- The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.
- How severe is CVE-2010-2955?
- CVE-2010-2955 has a CVSS 2.0 base score of 2.1, rated low severity.
- Is CVE-2010-2955 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (33rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2010-2955?
- CVE-2010-2955 primarily affects Linux Linux Kernel. In total, 14 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2010-2955?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2010-2955 published?
- CVE-2010-2955 was published on 2010-09-08 and last updated on 2026-06-16.
References
- http://forums.grsecurity.net/viewtopic.php?f=3&t=2290
- http://git.kernel.org/?p=linux/kernel/git/linville/wireless-2.6.git%3Ba=commit%3Bh=42da2f948d949efd0111309f5827bf0298bcc9a4
- http://grsecurity.net/~spender/wireless-infoleak-fix2.patch
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
- http://lkml.org/lkml/2010/8/27/413
- http://lkml.org/lkml/2010/8/30/127
- http://lkml.org/lkml/2010/8/30/146
- http://lkml.org/lkml/2010/8/30/351
- http://secunia.com/advisories/41245
- http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc3-next-20100831.bz2
- http://www.openwall.com/lists/oss-security/2010/08/31/1
- http://www.redhat.com/support/errata/RHSA-2010-0771.html
- http://www.redhat.com/support/errata/RHSA-2010-0842.html
- http://www.securityfocus.com/bid/42885
- http://www.ubuntu.com/usn/USN-1000-1
- http://www.vupen.com/english/advisories/2011/0298
- https://bugzilla.redhat.com/show_bug.cgi?id=628434
Affected products (14)
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.36:rc2:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
More vulnerabilities in Linux Linux Kernel
- CVE-2023-2163 — Critical (CVSS 10.0): Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe,…
- CVE-2015-8104 — Critical (CVSS 10.0): The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a…
- CVE-2015-1421 — Critical (CVSS 10.0): Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before…
- CVE-2014-2523 — Critical (CVSS 10.0): net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly,…
- CVE-2010-2495 — Critical (CVSS 10.0): The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does…
- CVE-2010-2521 — Critical (CVSS 10.0): Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before…
All CVEs affecting Linux Linux Kernel →
Other CWE-193 (Off-by-one Error) vulnerabilities
- CVE-2024-10442 — Critical (CVSS 10.0): Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066,…
- CVE-2026-53309 — Critical (CVSS 9.8): In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlm_match_regions()…
- CVE-2024-38441 — Critical (CVSS 9.8): Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to…
- CVE-2023-46853 — Critical (CVSS 9.8): In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used…
- CVE-2023-38429 — Critical (CVSS 9.8): An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in…
- CVE-2022-34970 — Critical (CVSS 9.8): Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful…