CVE-2006-4997 — Use After Free in Kernel

CWE-416 — Use After Free10 documents6 sources

Severity

7.5HIGHNVD

EPSS

35.0%

top 2.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Canonical Ubuntu Linux Redhat Enterprise Linux

Timeline

PublishedOct 10

Latest updateMay 1

Description

The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDlinux/linux_kernel< 2.6.18

Also affects: Ubuntu Linux 5.10, 6.06, 6.10, Enterprise Linux 2.1, 3, 4

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-684x-5684-48r7: The clip_mkip function in net/atm/clip↗2022-05-01

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2006-12-14

▶

Red Hat

security flaw↗2006-09-12

▶

📐Framework References

CWE

Use After Free↗

▶

💬Community

Bugzilla

CVE-2006-4997 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-4997 IP over ATM clip_mkip dereference freed pointer↗2006-09-20

▶

Bugzilla

CVE-2006-4997 IP over ATM clip_mkip dereference freed pointer↗2006-09-20

▶

Bugzilla

CVE-2006-4997 IP over ATM clip_mkip dereference freed pointer↗2006-09-13

▶

Bugzilla

CVE-2006-4997 IP over ATM clip_mkip dereference freed pointer↗2006-09-13

▶