CVE-2008-2812

HIGH

Linux Kernel < 2.6.25.10 - NULL Pointer Dereference

Title source: rule

Description

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.

References (33)

[Patch] http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788

[Broken Link] http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

[Broken Link] http://secunia.com/advisories/30982

[Broken Link] http://secunia.com/advisories/31048

[Broken Link] http://secunia.com/advisories/31202

[Broken Link] http://secunia.com/advisories/31229

[Broken Link] http://secunia.com/advisories/31341

[Broken Link] http://secunia.com/advisories/31551

[Broken Link] http://secunia.com/advisories/31614

[Broken Link] http://secunia.com/advisories/31685

[Broken Link] http://secunia.com/advisories/32103

[Broken Link] http://secunia.com/advisories/32370

[Broken Link] http://secunia.com/advisories/32759

... and 13 more

Scores

CVSS v3 7.8

EPSS 0.0010

EPSS Percentile 26.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-476

Status draft

Affected Products (22)

linux/linux_kernel < 2.6.25.10

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

novell/linux_desktop

opensuse/opensuse

opensuse/opensuse

suse/suse_linux_enterprise_desktop

suse/suse_linux_enterprise_desktop

suse/suse_linux_enterprise_server

suse/suse_linux_enterprise_server

debian/debian_linux

avaya/communication_manager

avaya/expanded_meet-me_conferencing

... and 7 more

Timeline

Published Jul 09, 2008

Tracked Since Feb 18, 2026