Null pointer dereference

2009-08-1821:00:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.05 Low

EPSS

Percentile

92.8%

JSON

cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability.

CPENameOperatorVersion
kerneleq2.6.24.7
kerneleq2.6.25.15
linux_kerneleq2.6.11
linux_kerneleq2.6.16.16
linux_kerneleq2.6.11.2
linux_kerneleq2.6.15.3
linux_kerneleq2.6.11.10
linux_kerneleq2.6.1
linux_kerneleq2.6.14.7
linux_kerneleq2.6.13

Name	Operator	Version
kernel	eq	2.6.24.7
kernel	eq	2.6.25.15
linux_kernel	eq	2.6.11
linux_kernel	eq	2.6.16.16
linux_kernel	eq	2.6.11.2
linux_kernel	eq	2.6.15.3
linux_kernel	eq	2.6.11.10
linux_kernel	eq	2.6.1
linux_kernel	eq	2.6.14.7
linux_kernel	eq	2.6.13