CVE-2010-2495

The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change.

Published: 2010-09-08 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2010-2495 is rated High Risk (70.3/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 2.31%). High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2010-2495

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-01-04 1.49% 2.31% +0.82%
2 2025-03-30 3.58% 1.49% -2.09%
3 2025-03-29 3.58%

Full EPSS history (7 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2010-2495

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
10.0 2.0 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 10.0 10.0 [email protected]

Weakness enumeration for CVE-2010-2495

OS Trackers for CVE-2010-2495

vendor priority summary link
redhat high https://access.redhat.com/security/cve/CVE-2010-2495
suse medium CVE-2010-2495 severity moderate: SUSE including 46 source package names (btrfs-kmp-default-0_2.6.32.13_0.5-0.3.9, btrfs-kmp-pae-0_2.6.32.59_0.13-0.3.163, …), 317 product×package rows across 61 product lines (HPE Helion OpenStack 8, SUSE CaaS Platform 4.0, … (61 product lines)): Known Not Affected 286, Fixed 31. https://www.suse.com/security/cve/CVE-2010-2495/
ubuntu medium CVE-2010-2495 medium priority: Ubuntu including 5 source packages (linux, linux-ec2, linux-fsl-imx51, linux-lts-backport-maverick, linux-source-2.6.15), 32 status rows across 7 suites (dapper, hardy, jaunty, karmic, lucid, maverick, upstream): DNE 15, released 7, not-affected 5, needs-triage 4, ignored 1. https://ubuntu.com/security/CVE-2010-2495

Affected software / configurations for CVE-2010-2495

Vendor Product Version Raw CPE
linux linux_kernel < 2.6.34 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
canonical ubuntu_linux 6.06 cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
canonical ubuntu_linux 8.04 cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
canonical ubuntu_linux 9.04 cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
canonical ubuntu_linux 9.10 cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
canonical ubuntu_linux 10.04 cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
canonical ubuntu_linux 10.10 cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
suse suse_linux_enterprise_desktop 11 cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
suse suse_linux_enterprise_high_availability_extension 11 cpe:2.3:o:suse:suse_linux_enterprise_high_availability_extension:11:sp1:*:*:*:*:*:*
suse suse_linux_enterprise_server 11 cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:*:*:*

References for CVE-2010-2495

URL Tags
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3feec9095d12e311b7d4eb7fe7e5dfa75d4a72a5
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html Mailing List Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 Release Notes Vendor Advisory
http://www.openwall.com/lists/oss-security/2010/06/23/3 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/07/04/2 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/07/04/3 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/07/06/11 Mailing List Third Party Advisory
http://www.ubuntu.com/usn/USN-1000-1 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=607054 Issue Tracking Third Party Advisory Vendor Advisory
cvelogic Threat Intelligence