In 2010, 127 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 0 were rated Critical, 40 High severity, and 1 was confirmed as actively exploited in the wild (CISA KEV). Compared to 2009's 106 CVEs, 2010 represented an increase of 20% year-on-year. September was the most active month, with 33 CVEs published.
Monthly CVE Breakdown — 2010
CVEs published per month with severity breakdown
September (33) was the most active month in 2010. Together the top months account for a significant share of 2010's 127 total CVEs. August (1) had the lowest volume.
Severity Distribution — 2010
Breakdown across 127 CVEs
40% Medium · 31% High · 0% Critical.
Monthly Counts — 2010
CVE counts by month and severity
September was the most active month with 33 CVEs — 26% of 2010's total. August (1) had the lowest volume.
| Month | Total | Critical | High | Medium | Low | Share of year |
|---|---|---|---|---|---|---|
| January | 9 | 0 | 6 | 1 | 2 | 7% |
| February | 7 | 0 | 1 | 5 | 1 | 6% |
| March | 8 | 0 | 3 | 5 | 0 | 6% |
| April | 11 | 0 | 6 | 4 | 1 | 9% |
| May | 6 | 0 | 2 | 1 | 3 | 5% |
| June | 6 | 0 | 0 | 4 | 2 | 5% |
| August | 1 | 0 | 0 | 1 | 0 | 1% |
| September | 33 | 0 | 16 | 8 | 9 | 26% |
| October | 5 | 0 | 1 | 4 | 0 | 4% |
| November | 22 | 0 | 3 | 7 | 12 | 17% |
| December | 19 | 0 | 2 | 11 | 6 | 15% |
| Total | 127 | 0 | 40 | 51 | 36 | |
Actively exploited CVEs — 2010
1 CVE confirmed in CISA KEV catalog
All CVEs — 2010
127 CVEs
| CVE ID | Package | Severity | CVSS | Published | Description | |
|---|---|---|---|---|---|---|
| CVE-2010-2495 | linux | High | 10.0 | 2010-09-08 | The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does … | |
| CVE-2010-2521 | linux | High | 10.0 | 2010-09-07 | Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2… | |
| CVE-2009-4538 | linux | High | 10.0 | 2010-01-12 | drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the s… | |
| CVE-2010-3705 | linux | High | 8.3 | 2010-11-26 | The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate th… | |
| CVE-2010-2943 | linux | High | 8.1 | 2010-09-30 | The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode … | |
| CVE-2010-3904 | linux | High (KEV) | 7.8 | 2010-12-06 | The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the… | |
| CVE-2010-3432 | linux | High | 7.8 | 2010-11-22 | The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializa… | |
| CVE-2010-3081 | linux | High | 7.8 | 2010-09-24 | The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bi… | |
| CVE-2010-2492 | linux | High | 7.8 | 2010-09-08 | Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel… | |
| CVE-2010-2798 | linux | High | 7.8 | 2010-09-08 | The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in … | |
2010 Linux Kernel CVE Highlights
- Volume without critical severity: Despite high CVE volume, 2010 produced no Critical-rated vulnerabilities. 40% of 2010 CVEs are Medium severity. This means the surge in raw numbers does not represent a proportional surge in high-severity risk.
- Monthly variation: CVE publication in 2010 was uneven across months. September was the most active with 33 CVEs. August (1) had the lowest volume. Monthly spikes typically correspond to coordinated batches of backfilled CVEs being processed at once.