PT-2012-1995 · Linux+1 · Linux Kernel+1

Dan Rosenberg · Published 2012-06-21 · Updated 2023-02-13 · CVE-2011-4914

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 2.6.39

Description

The ROSE protocol implementation in the Linux kernel does not verify that certain data-length values are consistent with the amount of data sent. This could allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service through an out-of-bounds read by sending crafted data to a ROSE socket.

Recommendations

For Linux kernel versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue.

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2011-4914
DSA-2389-1

Affected Products

Linux Kernel
Suse