PT-2012-1995 · Linux+1 · Linux Kernel+1

Dan Rosenberg · Published 2012-06-21 · Updated 2023-02-13 · CVE-2011-4914

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 2.6.39

Description

The issue is related to the ROSE protocol implementation in the Linux kernel, where it fails to verify the consistency of certain data-length values with the amount of data sent. This could potentially allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service through an out-of-bounds read by sending crafted data to a ROSE socket.

Recommendations

For Linux kernel versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue.
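The bug class in the description, a declared length that is never compared with the amount of data received, is shown here beside the corrected check. This is an added illustration, not kernel code: the one-byte length prefix, the function names and the sample buffer are constructed assumptions and do not reproduce the real ROSE layout.

```c
#include <stddef.h>
#include <string.h>

/* Constructed wire format for illustration only (not the real ROSE layout):
 * byte 0 = declared length N, bytes 1..N = field data.
 * `received` is the number of bytes that actually arrived from the peer. */

/* Pre-fix pattern: trusts the declared length and never compares it with
 * `received`, so bytes lying past the end of the message are copied out. */
static int parse_field_unchecked(const unsigned char *msg, size_t received,
                                 unsigned char *out, size_t out_size)
{
    size_t n = msg[0];
    (void)received;                      /* the flaw: never consulted */
    if (n > out_size)
        return -1;
    memcpy(out, msg + 1, n);
    return (int)n;
}

/* Hardened pattern: reject any message whose declared length is
 * inconsistent with the amount of data received. */
static int parse_field_checked(const unsigned char *msg, size_t received,
                               unsigned char *out, size_t out_size)
{
    size_t n;
    if (received < 1)
        return -1;                       /* no length byte at all */
    n = msg[0];
    if (n > received - 1 || n > out_size)
        return -1;                       /* declared length exceeds data sent */
    memcpy(out, msg + 1, n);
    return (int)n;
}

/* Constructed sample: only the first 3 bytes were "received"; the rest of
 * the array stands in for unrelated memory that follows the message. */
static const unsigned char sample_buf[16] = {
    0x08, 'h', 'i',                      /* claims 8 bytes, only 2 were sent */
    'S', 'E', 'C', 'R', 'E', 'T', 0
};
static const size_t sample_received = 3;

int main(void)
{
    unsigned char out[32];
    int leaked = parse_field_unchecked(sample_buf, sample_received, out, sizeof out);
    int safe = parse_field_checked(sample_buf, sample_received, out, sizeof out);
    return (leaked == 8 && safe == -1) ? 0 : 1;
}
```

The sample keeps the over-read inside one array so the program stays well defined; in the unchecked version the six bytes after `hi` come from memory the peer never sent.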

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2011-4914
DSA-2389-1

Affected Products

Linux Kernel
Suse