CVE-2011-4914

2012-06-2123:55:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2011-4914

linux kernel

rose protocol

denial of service

out-of-bounds read

nvd

5.9 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON

The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.38
linux:linux_kernellinux linux kerneleq2.6.38.3
linux:linux_kernellinux linux kernelle2.6.38.8
linux:linux_kernellinux linux kerneleq2.6.38.6
linux:linux_kernellinux linux kerneleq2.6.38.1
linux:linux_kernellinux linux kerneleq2.6.38.5
linux:linux_kernellinux linux kerneleq2.6.38.2
linux:linux_kernellinux linux kerneleq2.6.38.4
linux:linux_kernellinux linux kerneleq2.6.38.7
novell:suse_linux_enterprise_servernovell suse linux enterprise servereq10.0

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.38
linux:linux_kernel	linux linux kernel	eq	2.6.38.3
linux:linux_kernel	linux linux kernel	le	2.6.38.8
linux:linux_kernel	linux linux kernel	eq	2.6.38.6
linux:linux_kernel	linux linux kernel	eq	2.6.38.1
linux:linux_kernel	linux linux kernel	eq	2.6.38.5
linux:linux_kernel	linux linux kernel	eq	2.6.38.2
linux:linux_kernel	linux linux kernel	eq	2.6.38.4
linux:linux_kernel	linux linux kernel	eq	2.6.38.7
novell:suse_linux_enterprise_server	novell suse linux enterprise server	eq	10.0