Code injection

2011-08-2918:55:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

8.4%

JSON

The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.

CPENameOperatorVersion
linux_kernellt2.6.39.3
enterprise_linux_auseq5.6
enterprise_linux_desktopeq5.0
enterprise_linux_euseq5.6
enterprise_linux_servereq5.0
enterprise_linux_workstationeq5.0

Name	Operator	Version
linux_kernel	lt	2.6.39.3
enterprise_linux_aus	eq	5.6
enterprise_linux_desktop	eq	5.0
enterprise_linux_eus	eq	5.6
enterprise_linux_server	eq	5.0
enterprise_linux_workstation	eq	5.0