CVE-2011-1598

Published May 9, 2011

Last updated 2 years ago

CVSS info 4.9

Overview

Description: The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.9
Impact score: 6.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-476

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "176353CE-F17E-4776-AD9F-19014DA75B76",
            "versionEndExcluding": "2.6.39"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.39:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6691E95C-E563-4730-BC6E-5B1F208DF350"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.39:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2493C2FB-2BA1-4DB3-BC04-E282C9CD399D"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.39:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18DBC8AF-18ED-4879-8888-23022E494D14"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.39:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75EB375B-8ADF-4EAB-A3FB-ED5D35E5E719"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.39:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D49BB231-622E-4F20-97C8-E6289933912C"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.39:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D6859AA-DA7F-4AF9-8443-05962171D6E3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References