CVE-2011-2942 — NULL Pointer Dereference in Kernel

CWE-476 — NULL Pointer Dereference8 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

0.3%

top 44.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux

Timeline

PublishedJun 8

Latest updateMay 17

Description

A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge device.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDlinux/linux_kernel2.6.18

Also affects: Enterprise Linux 5

🔴Vulnerability Details

GHSA

GHSA-cgjv-rvfj-3vrq: A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward↗2022-05-17

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Oneiric backport) vulnerabilities↗2011-12-08

▶

Ubuntu

Linux kernel (Natty backport) vulnerabilities↗2011-11-09

▶

Red Hat

kernel: bridge: null pointer dereference in __br_deliver↗2011-10-20

▶

💬Community

Bugzilla

CVE-2011-2942 kernel: bridge: null pointer dereference in __br_deliver [fedora-all]↗2011-10-25

▶

Bugzilla

CVE-2011-2942 kernel: bridge: null pointer dereference in __br_deliver↗2011-08-16

▶