Published: 21/06/2012 Updated: 13/02/2023

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 571

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

The ROSE protocol implementation in the Linux kernel prior to 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote malicious users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 2.6.38
linux linux kernel 2.6.38.3
linux linux kernel
linux linux kernel 2.6.38.6
linux linux kernel 2.6.38.1
linux linux kernel 2.6.38.5
linux linux kernel 2.6.38.2
linux linux kernel 2.6.38.4
linux linux kernel 2.6.38.7
novell suse linux enterprise server 10.0

Multiple kernel flaws have been fixed ...

Several security issues were fixed in the kernel ...

Multiple kernel flaws have been fixed ...

Multiple kernel flaws were fixed ...

Multiple kernel flaws have been fixed ...

CWE-20 http://www.openwall.com/lists/oss-security/2011/12/28/2 https://bugzilla.redhat.com/show_bug.cgi?id=770777 https://github.com/torvalds/linux/commit/e0bccd315db0c2f919e7fcf9cb60db21d9986f52 http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0bccd315db0c2f919e7fcf9cb60db21d9986f52 https://nvd.nist.gov https://usn.ubuntu.com/1204-1/

CVE-2011-4914

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect