SB2024080242 - Use after free in Linux kernel
Published: August 2, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Use after free (CVE-ID: CVE-2006-4997)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).
Remediation
Install update from vendor's website.
References
- http://www.redhat.com/support/errata/RHSA-2006-0689.html
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206265
- http://www.securityfocus.com/bid/20363
- http://secunia.com/advisories/22253
- http://secunia.com/advisories/22279
- http://secunia.com/advisories/22292
- http://www.redhat.com/support/errata/RHSA-2006-0710.html
- http://secunia.com/advisories/22497
- http://secunia.com/advisories/22762
- http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm
- http://secunia.com/advisories/22945
- http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm
- http://secunia.com/advisories/23064
- http://www.us.debian.org/security/2006/dsa-1233
- http://www.ubuntu.com/usn/usn-395-1
- http://secunia.com/advisories/23370
- http://secunia.com/advisories/23384
- http://www.us.debian.org/security/2006/dsa-1237
- http://secunia.com/advisories/23395
- http://www.novell.com/linux/security/advisories/2006_79_kernel.html
- http://securitytracker.com/id?1017526
- http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm
- http://www.redhat.com/support/errata/RHSA-2007-0012.html
- http://www.redhat.com/support/errata/RHSA-2007-0013.html
- http://secunia.com/advisories/23788
- http://secunia.com/advisories/23752
- http://secunia.com/advisories/24288
- http://www.securityfocus.com/archive/1/471457
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:197
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:012
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
- http://secunia.com/advisories/25691
- http://secunia.com/advisories/23474
- http://www.vupen.com/english/advisories/2006/3999
- http://www.vupen.com/english/advisories/2006/3937
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29387
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10388
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fe26109a9dfd9327fdbe630fc819e1b7450986b2