CVE-2011-1748

CVSS v2.0 4.9 (Medium)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 15

The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.

Weaknesses

CWE-476: NULL Pointer Dereference

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2011-05-09 22:55:03
(13 years ago)
Updated Date: 2023-02-13 04:30:04
(19 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	Up To
Linux Kernel prior 2.6.39 version	cpe:2.3:o:linux:linux_kernel	< 2.6.39
Linux Kernel 2.6.39	cpe:2.3:o:linux:linux_kernel:2.6.39:-
Linux Kernel 2.6.39 Rc1	cpe:2.3:o:linux:linux_kernel:2.6.39:rc1
Linux Kernel 2.6.39 Rc2	cpe:2.3:o:linux:linux_kernel:2.6.39:rc2
Linux Kernel 2.6.39 Rc3	cpe:2.3:o:linux:linux_kernel:2.6.39:rc3
Linux Kernel 2.6.39 Rc4	cpe:2.3:o:linux:linux_kernel:2.6.39:rc4
Linux Kernel 2.6.39 Rc5	cpe:2.3:o:linux:linux_kernel:2.6.39:rc5