SB2024080242 - Use after free in Linux kernel
Published: August 2, 2024
Description
This security bulletin contains information about 1 security vulnerability.
1) Use after free (CVE-ID: CVE-2006-4997)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The clip_mkip function in net/atm/clip.c of the ATM subsystem in the Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).
Remediation
Install the update from the vendor's website.
References
- http://www.redhat.com/support/errata/RHSA-2006-0689.html
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206265
- http://www.securityfocus.com/bid/20363
- http://secunia.com/advisories/22253
- http://secunia.com/advisories/22279
- http://secunia.com/advisories/22292
- http://www.redhat.com/support/errata/RHSA-2006-0710.html
- http://secunia.com/advisories/22497
- http://secunia.com/advisories/22762
- http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm
- http://secunia.com/advisories/22945
- http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm
- http://secunia.com/advisories/23064
- http://www.us.debian.org/security/2006/dsa-1233
- http://www.ubuntu.com/usn/usn-395-1
- http://secunia.com/advisories/23370
- http://secunia.com/advisories/23384
- http://www.us.debian.org/security/2006/dsa-1237
- http://secunia.com/advisories/23395
- http://www.novell.com/linux/security/advisories/2006_79_kernel.html
- http://securitytracker.com/id?1017526
- http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm
- http://www.redhat.com/support/errata/RHSA-2007-0012.html
- http://www.redhat.com/support/errata/RHSA-2007-0013.html
- http://secunia.com/advisories/23788
- http://secunia.com/advisories/23752
- http://secunia.com/advisories/24288
- http://www.securityfocus.com/archive/1/471457
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:197
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:012
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
- http://secunia.com/advisories/25691
- http://secunia.com/advisories/23474
- http://www.vupen.com/english/advisories/2006/3999
- http://www.vupen.com/english/advisories/2006/3937
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29387
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10388
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fe26109a9dfd9327fdbe630fc819e1b7450986b2