Vulnerability Description
Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 2.6.22.7 |
Related Weaknesses (CWE)
References
- ftp://ftp.kernel.org/pub/linux/kernel/people/bunk/linux-2.6.16.y/testing/ChangeL
- http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git%3Ba=commitdiff%3Bh=04045f9
- http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
- http://secunia.com/advisories/27555
- http://secunia.com/advisories/27614
- http://secunia.com/advisories/27824
- http://secunia.com/advisories/27912
- http://secunia.com/advisories/28033
- http://secunia.com/advisories/28162
- http://secunia.com/advisories/28170
- http://secunia.com/advisories/28706
- http://secunia.com/advisories/28806
- http://secunia.com/advisories/28971
- http://www.debian.org/security/2007/dsa-1428
FAQ
What is CVE-2007-4997?
CVE-2007-4997 is a vulnerability with a CVSS score of 7.1 (HIGH). Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB le...
How severe is CVE-2007-4997?
CVE-2007-4997 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4997?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.