CVE-2008-2812

Publication date 9 July 2008

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

7.8 · High

Score breakdown

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.

From the Ubuntu Security Team

It was discovered that there were multiple NULL-pointer function dereferences in the Linux kernel terminal handling code. A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service.

Status

Package Ubuntu Release Status
linux 8.10 intrepid
Not affected
8.04 LTS hardy
Fixed 2.6.24-19.41
7.10 gutsy Not in release
7.04 feisty Not in release
6.06 LTS dapper Not in release
linux-source-2.6.15 8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty Not in release
6.06 LTS dapper
Fixed 2.6.15-52.71
linux-source-2.6.20 8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty
Fixed 2.6.20-17.39
6.06 LTS dapper Not in release
linux-source-2.6.22 8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy
Fixed 2.6.22-15.58
7.04 feisty Not in release
6.06 LTS dapper Not in release

Severity score breakdown

Parameter Value
Base score 7.8 · High
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-637-1
    • Linux kernel vulnerabilities
    • 25 August 2008

Other references