SB2011090607 - Multiple vulnerabilities in Linux kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2011090607

SB2011090607 - Multiple vulnerabilities in Linux kernel

Published: September 6, 2011 Updated: August 11, 2020

Security Bulletin ID SB2011090607
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2011-2723)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic.


2) Buffer overflow (CVE-ID: CVE-2011-2700)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Multiple buffer overflows in the si4713_write_econtrol_string function in drivers/media/radio/si4713-i2c.c in the Linux kernel before 2.6.39.4 on the N900 platform might allow local users to cause a denial of service or have unspecified other impact via a crafted s_ext_ctrls operation with a (1) V4L2_CID_RDS_TX_PS_NAME or (2) V4L2_CID_RDS_TX_RADIO_TEXT control ID.


Remediation

Install update from vendor's website.

References