CVE Vulnerabilities

CVE-2008-2812

NULL Pointer Dereference

Published: Jul 09, 2008 | Modified: Aug 14, 2020
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux * *
Red Hat Enterprise Linux 3 RedHat kernel-0:2.4.21-58.EL *
Red Hat Enterprise Linux 4 RedHat kernel-0:2.6.9-78.EL *
Red Hat Enterprise Linux 5 RedHat kernel-0:2.6.18-92.1.10.el5 *
Linux Ubuntu hardy *
Linux-source-2.6.15 Ubuntu dapper *
Linux-source-2.6.20 Ubuntu feisty *
Linux-source-2.6.22 Ubuntu gutsy *

Potential Mitigations

References