Vulnerability Description
The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.6.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/20703 (Vendor Advisory)
- http://secunia.com/advisories/21057 (Vendor Advisory)
- http://secunia.com/advisories/21298 (Vendor Advisory)
- http://secunia.com/advisories/21605 (Vendor Advisory)
- http://secunia.com/advisories/21614 (Vendor Advisory)
- http://secunia.com/advisories/21934 (Vendor Advisory)
- http://secunia.com/advisories/22093 (Vendor Advisory)
- http://secunia.com/advisories/22174 (Vendor Advisory)
- http://secunia.com/advisories/24547 (Vendor Advisory)
- http://secunia.com/advisories/25226 (Vendor Advisory)
- http://secunia.com/advisories/25683 (Vendor Advisory)
- http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm
- http://www.debian.org/security/2006/dsa-1184
- http://www.kernel.org/git/?p=linux/kernel/git/gregkh/patches.git%3Ba=blob%3Bh=4b
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
FAQ
What is CVE-2006-2936?
CVE-2006-2936 is a vulnerability with a CVSS score of 7.8 (HIGH). The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data t...
How severe is CVE-2006-2936?
CVE-2006-2936 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-2936?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.