CVE 2011-4914
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.
Related bugs and status
CVE-2011-4914 (Candidate) is related to these bugs:
Bug #912222: CVE-2011-4914
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
912222 | CVE-2011-4914 | linux (Ubuntu) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-fsl-imx51 (Ubuntu) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-mvl-dove (Ubuntu) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-maverick (Ubuntu) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-natty (Ubuntu) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-ti-omap4 (Ubuntu) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-ec2 (Ubuntu) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux (Ubuntu Precise) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-ec2 (Ubuntu Precise) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-fsl-imx51 (Ubuntu Precise) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-maverick (Ubuntu Precise) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-natty (Ubuntu Precise) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-mvl-dove (Ubuntu Precise) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-ti-omap4 (Ubuntu Precise) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux (Ubuntu Oneiric) | Low | Won't Fix | ||
912222 | CVE-2011-4914 | linux-ec2 (Ubuntu Oneiric) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-fsl-imx51 (Ubuntu Oneiric) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-maverick (Ubuntu Oneiric) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-natty (Ubuntu Oneiric) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-mvl-dove (Ubuntu Oneiric) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-ti-omap4 (Ubuntu Oneiric) | Low | Won't Fix | ||
912222 | CVE-2011-4914 | linux (Ubuntu Natty) | Low | Fix Released | ||
912222 | CVE-2011-4914 | linux-ec2 (Ubuntu Natty) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-fsl-imx51 (Ubuntu Natty) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-maverick (Ubuntu Natty) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-natty (Ubuntu Natty) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-mvl-dove (Ubuntu Natty) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-ti-omap4 (Ubuntu Natty) | Low | Fix Released | ||
912222 | CVE-2011-4914 | linux (Ubuntu Maverick) | Low | Fix Released | ||
912222 | CVE-2011-4914 | linux-ec2 (Ubuntu Maverick) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-fsl-imx51 (Ubuntu Maverick) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-maverick (Ubuntu Maverick) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-natty (Ubuntu Maverick) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-mvl-dove (Ubuntu Maverick) | Low | Fix Released | ||
912222 | CVE-2011-4914 | linux-ti-omap4 (Ubuntu Maverick) | Low | Fix Released | ||
912222 | CVE-2011-4914 | linux (Ubuntu Lucid) | Low | Fix Released | ||
912222 | CVE-2011-4914 | linux-ec2 (Ubuntu Lucid) | Low | Fix Released | ||
912222 | CVE-2011-4914 | linux-fsl-imx51 (Ubuntu Lucid) | Low | Fix Released | ||
912222 | CVE-2011-4914 | linux-lts-backport-maverick (Ubuntu Lucid) | Low | Fix Released | ||
912222 | CVE-2011-4914 | linux-lts-backport-natty (Ubuntu Lucid) | Low | Won't Fix | ||
912222 | CVE-2011-4914 | linux-mvl-dove (Ubuntu Lucid) | Low | Fix Released | ||
912222 | CVE-2011-4914 | linux-ti-omap4 (Ubuntu Lucid) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux (Ubuntu Hardy) | Low | Fix Released | ||
912222 | CVE-2011-4914 | linux-ec2 (Ubuntu Hardy) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-fsl-imx51 (Ubuntu Hardy) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-maverick (Ubuntu Hardy) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-natty (Ubuntu Hardy) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-mvl-dove (Ubuntu Hardy) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-ti-omap4 (Ubuntu Hardy) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-oneiric (Ubuntu) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-oneiric (Ubuntu Hardy) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-oneiric (Ubuntu Lucid) | Low | Won't Fix | ||
912222 | CVE-2011-4914 | linux-lts-backport-oneiric (Ubuntu Maverick) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-oneiric (Ubuntu Natty) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-oneiric (Ubuntu Oneiric) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-oneiric (Ubuntu Precise) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-armadaxp (Ubuntu) | Low | Fix Released | ||
912222 | CVE-2011-4914 | linux-armadaxp (Ubuntu Hardy) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-armadaxp (Ubuntu Lucid) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-armadaxp (Ubuntu Maverick) | Undecided | Invalid | ||
912222 | CVE-2011-4914 | linux-armadaxp (Ubuntu Natty) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-armadaxp (Ubuntu Oneiric) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-armadaxp (Ubuntu Precise) | Low | Fix Released | ||
912222 | CVE-2011-4914 | linux (Ubuntu Quantal) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-armadaxp (Ubuntu Quantal) | Low | Fix Released | ||
912222 | CVE-2011-4914 | linux-ec2 (Ubuntu Quantal) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-fsl-imx51 (Ubuntu Quantal) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-maverick (Ubuntu Quantal) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-natty (Ubuntu Quantal) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-lts-backport-oneiric (Ubuntu Quantal) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-mvl-dove (Ubuntu Quantal) | Low | Invalid | ||
912222 | CVE-2011-4914 | linux-ti-omap4 (Ubuntu Quantal) | Low | Invalid |
See the
CVE page on Mitre.org
for more details.