CVE-2010-2954

Name: CVE-2010-2954
Creator: NVD / NIST
Published: 2010-09-03T20:00:04.06+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.42%

Last modified Jun 16, 2026

CVE-2010-2954 is a vulnerability of currently unknown severity. The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket.. EPSS estimates a 0.42% chance of exploitation in the next 30 days.

Description

The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket.

Metrics

EPSS Probability

0.42%

33.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-476

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.36
Linux	Linux Kernel	2.6.36
Opensuse	Opensuse	11.3
Suse	Linux Enterprise Desktop	11
Suse	Linux Enterprise Server	11
Canonical	Ubuntu Linux	6.06
Canonical	Ubuntu Linux	8.04
Canonical	Ubuntu Linux	9.04
Canonical	Ubuntu Linux	9.10
Canonical	Ubuntu Linux	10.04
Canonical	Ubuntu Linux	10.10

References

http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=628e300cccaa628d8fb92aa28cb7530a3d5f2257
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
http://marc.info/?l=oss-security&m=128331787923285&w=2Patch, Third Party Advisory
http://secunia.com/advisories/41234Third Party Advisory
http://secunia.com/advisories/41512Third Party Advisory
http://twitter.com/taviso/statuses/22635752128Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc3-next-20100901.bz2Broken Link
http://www.spinics.net/lists/netdev/msg139404.htmlPatch, Third Party Advisory
http://www.ubuntu.com/usn/USN-1000-1Third Party Advisory
http://www.vupen.com/english/advisories/2010/2266Third Party Advisory
http://www.vupen.com/english/advisories/2010/2430Third Party Advisory
http://www.vupen.com/english/advisories/2011/0298Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=628770Issue Tracking, Patch, Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/61522Third Party Advisory, VDB Entry
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=628e300cccaa628d8fb92aa28cb7530a3d5f2257
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
http://marc.info/?l=oss-security&m=128331787923285&w=2Patch, Third Party Advisory
http://secunia.com/advisories/41234Third Party Advisory
http://secunia.com/advisories/41512Third Party Advisory
http://twitter.com/taviso/statuses/22635752128Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc3-next-20100901.bz2Broken Link
http://www.spinics.net/lists/netdev/msg139404.htmlPatch, Third Party Advisory
http://www.ubuntu.com/usn/USN-1000-1Third Party Advisory
http://www.vupen.com/english/advisories/2010/2266Third Party Advisory
http://www.vupen.com/english/advisories/2010/2430Third Party Advisory
http://www.vupen.com/english/advisories/2011/0298Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=628770Issue Tracking, Patch, Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/61522Third Party Advisory, VDB Entry

Timeline

Published: Sep 3, 2010
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2010-2954?

How severe is CVE-2010-2954?

Severity scoring for CVE-2010-2954 is pending analysis. The EPSS model estimates a 0.42% probability of exploitation in the next 30 days.

How do I fix CVE-2010-2954?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-2954?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST