Lucene search

[email protected]CVE-2008-3686

HistoryAug 14, 2008 - 10:41 p.m.

CVE-2008-3686

2008-08-1422:41:00

CWE-399

[email protected]

web.nvd.nist.gov

linux kernel

vulnerability

denial of service

cve-2008-3686

nvd

ipv6

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference.

Affected configurations

NVD

Node

linuxlinux_kernelMatch2.6.26rc4

linuxlinux_kernelMatch2.6.26.2

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.26
linux:linux_kernellinux linux kerneleq2.6.26.2

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.26
linux:linux_kernel	linux linux kernel	eq	2.6.26.2

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5e0115e500fe9dd2ca11e6f92db9123204f1327a

lkml.org/lkml/2008/8/7/230

lkml.org/lkml/2008/8/8/7

secunia.com/advisories/31579

www.vupen.com/english/advisories/2008/2422

exchange.xforce.ibmcloud.com/vulnerabilities/44605

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-3686

prion1 nvd1 ubuntucve1 redhatcve1 cvelist1