The MITRE CVE dictionary describes this issue as:

The X.25 implementation in the Linux kernel before does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164.

Find out more about CVE-2010-3873 from the MITRE CVE dictionary and NIST NVD.


This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG, as they did not include support for the CCITT X.25 Packet Layer.


Red Hat would like to thank Dan Rosenberg for reporting this issue.