CVE-2008-2812

CWE-476 — NULL Pointer Dereference6 documents6 sources

Severity

7.8HIGH

EPSS

0.1%

top 73.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

14

Linux Linux Kernel Avaya Communication Manager Avaya Intuity Audix LX +11 more

Timeline

PublishedJul 9

Latest updateMay 1

Description

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages12 packages

▶NVDlinux/linux_kernel< 2.6.25.10

▶NVDnovell/linux_desktop9

▶NVDavaya/sip_enablement_services4.0

▶NVDsuse/suse_linux_enterprise_server10

▶NVDsuse/suse_linux_enterprise_desktop10

Also affects: Debian Linux 4.0, Ubuntu Linux 6.06, 7.04, 7.10, 8.04

Patches

Patch: www.debian.org ↗Patch: www.openwall.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-g469-pq25-x2qr: The Linux kernel before 2↗2022-05-01

▶

CVEList

CVE-2008-2812: The Linux kernel before 2↗2008-07-09

▶

📋Vendor Advisories

2

Ubuntu

Linux kernel vulnerabilities↗2008-08-25

▶

Red Hat

kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code↗2008-04-30

▶

💬Community

1

Bugzilla

CVE-2008-2812 kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code↗2008-06-30

▶