CVE-2011-1598
8.1 High
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
9.3%
The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.
| CPE | Name | Operator | Version |
|---|---|---|---|
| linux:linux_kernel | linux linux kernel | eq | 2.6.39 |
References
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c6914a6f261aca0c9f715f883a353ae7ff51fe83
openwall.com/lists/oss-security/2011/04/20/2
openwall.com/lists/oss-security/2011/04/20/6
openwall.com/lists/oss-security/2011/04/20/7
openwall.com/lists/oss-security/2011/04/21/1
openwall.com/lists/oss-security/2011/04/21/2
openwall.com/lists/oss-security/2011/04/21/7
openwall.com/lists/oss-security/2011/04/22/2
openwall.com/lists/oss-security/2011/04/25/4
permalink.gmane.org/gmane.linux.network/192898
www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc6
www.securityfocus.com/bid/47503
bugzilla.redhat.com/show_bug.cgi?id=698057
Social References
More
Related
8.1 High
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
9.3%