Null pointer dereference

OpenBSD 4.2 allows local users to cause a denial of service kernel panic by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabelid2name function is not checked...

CVE-2008-0384

OpenBSD 4.2 is affected. Local users can cause a kernel panic by invoking the SIOCGIFRTLABEL IOCTL on an interface without a route label, triggering a NULL pointer dereference when the return value from rtlabel_id2name isn’t checked. The concrete root cause is an unchecked rtlabel_id2name result ...

CVE-2008-0384

OpenBSD 4.2 allows local users to cause a denial of service kernel panic by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabelid2name function is not checked...

openSUSE 10 Security Update : xen (xen-4854)

This update fixes various Xen issues. Two security problems were fixed: CVE-2007-5906: Xen allowed virtual guest system users to cause a denial of service hypervisor crash by using a debug register DR7 to set certain breakpoints. CVE-2007-5907: Xen 3.1.1 does not prevent modification of the CR4 T...

Null pointer dereference

The ipv6hopjumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service NULL pointer dereference and kernel panic via a crafted IPv6 packet...

CVE-2007-4567

The ipv6hopjumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service NULL pointer dereference and kernel panic via a crafted IPv6 packet...

PT-2007-5736 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.22 Description: The issue is related to the improper validation of the hop-by-hop IPv6 extended header in the ipv6 hop jumbo function. This allows remote attackers to cause a denial of service, resulting in ...

CVE-2007-4567

The ipv6hopjumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service NULL pointer dereference and kernel panic via a crafted IPv6 packet...

Important: kernel security and bug fix update

2.6.9-67.0.1.0.1.EL - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon with rds Zach Brown orabug 5760648 2.6.9-67.0.1 -kernel ieee80211 off-by-two integer underflow...

Linux Kernel 2.6.22 - IPv6 Hop-By-Hop Header Remote Denial of Service

/ source: https://www.securityfocus.com/bid/26943/info The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to adequately validate specially crafted IPv6 'Hop-By-Hop' headers. Attackers can exploit this issue to cause a kernel panic, denying service to legitimate...

Code injection

The iwlsetrate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwlgethwmode return value without checking for NULL, which might allow remote attackers to cause a denial of service kernel panic via unspecified vectors during module initialization...

CVE-2007-5938

The iwlsetrate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwlgethwmode return value without checking for NULL, which might allow remote attackers to cause a denial of service kernel panic via unspecified vectors during module initialization...

CVE-2007-5938

CVE-2007-5938 describes a NULL pointer dereference in the iwl driver (iwlwifi 1.1.21 and earlier) where iwl_set_rate dereferences the value returned by iwl_get_hw_mode without NULL checking. This can trigger a kernel panic during module initialization, constituting a denial of service. The connec...

CVE-2007-5938

The iwlsetrate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwlgethwmode return value without checking for NULL, which might allow remote attackers to cause a denial of service kernel panic via unspecified vectors during module initialization...

GLSA-200711-09 : MadWifi: Denial of Service

The remote host is affected by the vulnerability described in GLSA-200711-09 MadWifi: Denial of Service Clemens Kolbitsch and Sylvester Keil reported an error when processing beacon frames with an overly large 'length' value in the 'xrates' element. Impact : A remote attacker could act as an acce...

SEC Consult SA-20071012-0 :: Madwifi xrates element remote DOS

SEC Consult Security Advisory 20071012-0 =================================================================================== title: Madwifi xrates element remote DOS program: Madwifi linux wlan driver for atheros chipsets vulnerable version: Madwifi = 0.9.3.2 homepage: www.madwifi.org found: July...

CVE-2007-5087

The ATM module in the Linux kernel before 2.4.35.3, when CLIP support is enabled, allows local users to cause a denial of service kernel panic by reading /proc/net/atm/arp before the CLIP module has been loaded...

Linux Kernel Netfilter *_conntrack_proto_sctp.c sctp_new Function Unknown Chunk Type Remote DoS

There is a flaw in the SCTP code included in Linux kernel versions before 2.6.21.4 that results in a kernel panic when an SCTP packet with an unknown chunk type is received. An attacker can leverage this flaw to crash the remote host with a single, possibly forged, packet. C Tenable Network...

RHEL 5 : kernel (RHSA-2007:0099)

Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These n...

Integer overflow

Integer signedness error in the acl facl system call in Solaris 10 before 20070507 allows local users to cause a denial of service kernel panic and possibly gain privileges via a certain argument, related to ACESETACL...