CVE-2011-4914Improper Input Validation in Kernel

CWE-20Improper Input ValidationCWE-228Improper Handling of Syntactically Invalid StructureCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer18 documents6 sources
Severity
6.4MEDIUMNVD
EPSS
1.1%
top 22.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelNovell Suse Linux Enterprise Server
Timeline
PublishedJun 21
Latest updateMay 17

Description

The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

NVDlinux/linux_kernel2.6.38.8+8

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-f8f2-gm5q-mw3w: The ROSE protocol implementation in the Linux kernel before 22022-05-17
CVEList
CVE-2011-4914: The ROSE protocol implementation in the Linux kernel before 22012-06-21

📋Vendor Advisories

13
Ubuntu
Linux kernel (Natty backport) vulnerabilities2011-11-09
Ubuntu
Linux kernel vulnerabilities2011-09-29
Ubuntu
Linux kernel (EC2) vulnerabilities2011-09-26
Ubuntu
Linux kernel (OMAP4) vulnerabilities2011-09-21
Ubuntu
Linux kernel vulnerabilities2011-09-21

💬Community

2
Bugzilla
CVE-2011-1493 CVE-2011-4913 CVE-2011-4914 kernel: multiple issues in rose protocol [fedora-all]2011-12-29
Bugzilla
CVE-2011-1493 CVE-2011-4913 CVE-2011-4914 kernel: multiple issues in rose protocol2011-12-29
CVE-2011-4914 — Improper Input Validation in Kernel | cvebase