#VU95227 Use after free in Linux kernel - CVE-2006-4997
Published: August 2, 2024
Vulnerability identifier: #VU95227
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2006-4997
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).
Remediation
Install update from vendor's repository.
External links
- http://www.redhat.com/support/errata/RHSA-2006-0689.html
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206265
- http://www.securityfocus.com/bid/20363
- http://secunia.com/advisories/22253
- http://secunia.com/advisories/22279
- http://secunia.com/advisories/22292
- http://www.redhat.com/support/errata/RHSA-2006-0710.html
- http://secunia.com/advisories/22497
- http://secunia.com/advisories/22762
- http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm
- http://secunia.com/advisories/22945
- http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm
- http://secunia.com/advisories/23064
- http://www.us.debian.org/security/2006/dsa-1233
- http://www.ubuntu.com/usn/usn-395-1
- http://secunia.com/advisories/23370
- http://secunia.com/advisories/23384
- http://www.us.debian.org/security/2006/dsa-1237
- http://secunia.com/advisories/23395
- http://www.novell.com/linux/security/advisories/2006_79_kernel.html
- http://securitytracker.com/id?1017526
- http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm
- http://www.redhat.com/support/errata/RHSA-2007-0012.html
- http://www.redhat.com/support/errata/RHSA-2007-0013.html
- http://secunia.com/advisories/23788
- http://secunia.com/advisories/23752
- http://secunia.com/advisories/24288
- http://www.securityfocus.com/archive/1/471457
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:197
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:012
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
- http://secunia.com/advisories/25691
- http://secunia.com/advisories/23474
- http://www.vupen.com/english/advisories/2006/3999
- http://www.vupen.com/english/advisories/2006/3937
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29387
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10388
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fe26109a9dfd9327fdbe630fc819e1b7450986b2