CVE-2009-2844 - Vulnerability Details

cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Kernel Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:a:linux:kernel:2.6.24.7:::::::*
	cpe:2.3:a:linux:kernel:2.6.25.15:::::::*
	cpe:2.3:o:linux:linux_kernel::-rc5::::::*
	cpe:2.3:o:linux:linux_kernel:2.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.0:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.10:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.11:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.11.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.11.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.11.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.11.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.11.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.11.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.11.7:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.11.8:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.11.9:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.11.10:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.11.11:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.11.12:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.12:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.12.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.12.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.12.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.12.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.12.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.12.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.13:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.13.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.13.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.13.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.13.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.13.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.14:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.14.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.14.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.14.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.14.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.14.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.14.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.14.7:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.15:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.15.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.15.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.15.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.15.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.15.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.15.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.15.7:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.10:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.11:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.12:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.13:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.14:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.15:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.16:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.17:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.18:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.19:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.20:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.21:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.22:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.23:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.24:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.25:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.26:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.27:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.28:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.29:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.30:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.31:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc1::::::
cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc2::::::
cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc3::::::
cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc4::::::

No data.

References

Link	Providers
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=cd3468bad96c00b5a512f551674f36776129520e
http://jon.oberheide.org/files/cfg80211-remote-dos.c
http://secunia.com/advisories/36278
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5
http://www.openwall.com/lists/oss-security/2009/08/17/1
http://www.openwall.com/lists/oss-security/2009/08/17/2
http://www.securityfocus.com/bid/36052

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-18T20:41:00

Updated: 2024-08-07T06:07:37.259Z

Reserved: 2009-08-18T00:00:00

Link: CVE-2009-2844

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-08-18T21:00:00.313

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-2844

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-07-29T00:00:00", "descriptions": [{"lang": "en", "value": "cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-08-29T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "36278", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36278"}, {"tags": ["x_refsource_MISC"], "url": "http://jon.oberheide.org/files/cfg80211-remote-dos.c"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=cd3468bad96c00b5a512f551674f36776129520e"}, {"name": "[oss-security] 20090817 Re: CVE request: kernel: cfg80211: missing NULL pointer checks", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/08/17/2"}, {"name": "[oss-security] 20090817 CVE request: kernel: cfg80211: missing NULL pointer checks", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/08/17/1"}, {"name": "36052", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36052"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2844", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "36278", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36278"}, {"name": "http://jon.oberheide.org/files/cfg80211-remote-dos.c", "refsource": "MISC", "url": "http://jon.oberheide.org/files/cfg80211-remote-dos.c"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cd3468bad96c00b5a512f551674f36776129520e", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cd3468bad96c00b5a512f551674f36776129520e"}, {"name": "[oss-security] 20090817 Re: CVE request: kernel: cfg80211: missing NULL pointer checks", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/08/17/2"}, {"name": "[oss-security] 20090817 CVE request: kernel: cfg80211: missing NULL pointer checks", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/08/17/1"}, {"name": "36052", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36052"}, {"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:07:37.259Z"}, "title": "CVE Program Container", "references": [{"name": "36278", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36278"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://jon.oberheide.org/files/cfg80211-remote-dos.c"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=cd3468bad96c00b5a512f551674f36776129520e"}, {"name": "[oss-security] 20090817 Re: CVE request: kernel: cfg80211: missing NULL pointer checks", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/08/17/2"}, {"name": "[oss-security] 20090817 CVE request: kernel: cfg80211: missing NULL pointer checks", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/08/17/1"}, {"name": "36052", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36052"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2844", "datePublished": "2009-08-18T20:41:00", "dateReserved": "2009-08-18T00:00:00", "dateUpdated": "2024-08-07T06:07:37.259Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linux:kernel:2.6.24.7:*:*:*:*:*:*:*", "matchCriteriaId": "1760FDC9-BB79-4299-8A6D-482085EE5BD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:linux:kernel:2.6.25.15:*:*:*:*:*:*:*", "matchCriteriaId": "56EEB157-5037-4EAD-8625-35B91B167111", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:-rc5:*:*:*:*:*:*", "matchCriteriaId": "6277DB43-CBB1-4E4A-B071-0D82CE293F3F", "versionEndIncluding": "2.6.16.31", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "0FC560CC-F785-42D5-A25B-1BA02E7AC464", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "142BCD48-8387-4D0C-A052-44DD4144CBFF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "E8220D81-9065-471F-9256-CFE7B9941555", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "2CDE1E92-C64D-4A3B-95A2-384BD772B28B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "9D90502F-EC45-4ADC-9428-B94346DA660B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "1CD39A7A-9172-4B85-B8FE-CEB94207A897", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "35F5C369-6BFB-445F-AA8B-6F6FA7C33EF3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "81DE32C2-5B07-4812-9F88-000F5FB000C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "02EED3D5-8F89-4B7F-A34B-52274B1A754F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "5F87AA89-F377-4BEB-B69F-809F5DA6176C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "C27AF62E-A026-43E9-89E6-CD807CE9DF51", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*", "matchCriteriaId": "79C2AE0E-DAE8-4443-B33F-6ABA9019AA88", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*", "matchCriteriaId": "D343B121-C007-49F8-9DE8-AA05CE58FF0B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.9:*:*:*:*:*:*:*", "matchCriteriaId": "7936B7EE-9CD1-4698-AD67-C619D0171A88", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.10:*:*:*:*:*:*:*", "matchCriteriaId": "A1A2AA2D-5183-4C49-A59D-AEB7D9B5A69E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.11:*:*:*:*:*:*:*", "matchCriteriaId": "3A0370A2-0A23-4E34-A2AC-8D87D051B0B1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.12:*:*:*:*:*:*:*", "matchCriteriaId": "5738D628-0B2D-4F56-9427-2009BFCB6C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "F43EBCB4-FCF4-479A-A44D-D913F7F09C77", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C7BF3B2-CCD1-4D39-AE9C-AB24ABA57447", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "860F9225-8A3F-492C-B72B-5EFFB322802C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "19DFB4EF-EA1F-4680-9D97-2FDFAA4B4A25", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "57E23724-2CA4-4211-BB83-38661BE7E6AF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "B0688B3F-F8F2-4C62-B7A3-08F9FDCE7A70", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "3896C4A6-C2F6-47CE-818A-7EB3DBF15BC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "6143DC1F-D62E-4DB2-AF43-30A07413D68B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "298266AB-2A36-4606-BF80-2185FC56C4D2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C2658CA-56C2-494F-AC42-618EC413CBDF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "AD34526D-F2CC-44C5-991D-B1E41C327860", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "C2F0B900-34E9-4545-B7AE-AF0A4363EACE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "B36F432D-FED1-4B8D-A458-BEDEEF306AB1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "5220F0FE-C4CC-4E75-A16A-4ADCABA7E8B8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "25379B32-D898-4E44-A740-978A129B5E05", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B90F8F2-9549-413D-9676-3EF634D832B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "915E64EF-6EEC-4DE2-A285-5F3FCE389645", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "585BEE46-088A-494E-8E18-03F33F6BBEA5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "EFF35478-B292-4A00-B985-CEEDE8B212C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E85846A-61BE-4896-B4A6-42A7E1DBA515", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "D6E3B925-031D-4F6D-915A-A16F0FFA878C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "7344B707-6145-48BA-8BC9-9B140A260BCF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "9BFCEA98-C708-4E1E-B189-E6F96D28F07A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "2B753112-CCDE-4870-AA97-4AAA2946421A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "79B3AFE7-F4FF-4144-9046-E5926E305A03", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "7616E197-ACCA-4191-A513-FD48417C7F88", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "ED1AA7FC-F5B9-406C-ABE4-0BE5E9889619", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "7EE2F94D-E8E0-4BB7-A910-378012580025", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "66F5AE3B-B701-4579-B44A-0F7A4267852E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "34E60197-56C3-485C-9609-B1C4A0E0FCB2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "86E452E4-45A9-4469-BF69-F40B6598F0EA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "C5751AC4-A60F-42C6-88E5-FC8CFEE6F696", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FF886A6-7E73-47AD-B6A5-A9EC5BEDCD0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.10:*:*:*:*:*:*:*", "matchCriteriaId": "795C3B17-687E-4F33-AA99-8FEC16F14693", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.11:*:*:*:*:*:*:*", "matchCriteriaId": "F2BDD5C7-9B6A-41B5-8679-5062B8A6E11B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.12:*:*:*:*:*:*:*", "matchCriteriaId": "190D5E2C-AD60-41F4-B29D-FB8EA8CB5FF6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.13:*:*:*:*:*:*:*", "matchCriteriaId": "6B81A4DD-2ADE-4455-B517-5E4E0532D5A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.14:*:*:*:*:*:*:*", "matchCriteriaId": "4BD589CC-666B-4FAA-BCF0-91C484BDDB09", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.15:*:*:*:*:*:*:*", "matchCriteriaId": "4CD622EE-A840-42E1-B6BF-4AA27D039B12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*", "matchCriteriaId": "900D6742-DE0F-45C5-A812-BF84088CB02A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*", "matchCriteriaId": "225CA94C-8C84-4FA6-95D0-160A0016FBFF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*", "matchCriteriaId": "D88ED3C4-64C5-44B2-9F23-E16087046C40", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*", "matchCriteriaId": "03FB31E5-190C-489A-AB30-910D2CC854F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*", "matchCriteriaId": "EF4A781A-4A41-466F-8426-10B40CF8BA1A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*", "matchCriteriaId": "9ED29B3F-456B-4767-8E59-8C19A3B7E1D8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*", "matchCriteriaId": "F6316369-B54A-4E59-A022-E0610353B284", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*", "matchCriteriaId": "073C3CE0-E12D-4545-8460-5A1514271D50", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*", "matchCriteriaId": "670FAA25-A86F-4E04-A3A0-0B3FF6CF9C26", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.25:*:*:*:*:*:*:*", "matchCriteriaId": "AEB33DEA-13C7-4B36-AB8A-ED680679A071", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.26:*:*:*:*:*:*:*", "matchCriteriaId": "86DD0FCC-BB12-410D-8C82-AB99C7C5311E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.27:*:*:*:*:*:*:*", "matchCriteriaId": "83700989-8820-48DA-A9FE-6A77DF1E8439", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.28:*:*:*:*:*:*:*", "matchCriteriaId": "CC9F4CEC-7781-468B-B460-4F487B7C6601", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.29:*:*:*:*:*:*:*", "matchCriteriaId": "67C75A62-8807-4821-9362-1E0D63C0A1B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.30:*:*:*:*:*:*:*", "matchCriteriaId": "894D4812-D62F-489E-8D0E-5E9468CE8EC9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.31:*:*:*:*:*:*:*", "matchCriteriaId": "C1F92E01-4F08-4364-9E87-FFBC095E32E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc1:*:*:*:*:*:*", "matchCriteriaId": "EC36074C-C310-4341-8B3C-BB34E572BF94", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc2:*:*:*:*:*:*", "matchCriteriaId": "ECCC155A-C68C-44A8-8C44-7979C9889C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc3:*:*:*:*:*:*", "matchCriteriaId": "040EBFDA-7F8D-428F-BB69-BB1B52BB868B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc4:*:*:*:*:*:*", "matchCriteriaId": "69E703D2-8CC9-421A-9728-75E8FCFB4FE6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability."}, {"lang": "es", "value": "cfg80211 en el archivo net/wireless/scan.c en el kernel de Linux versi\u00f3n 2.6.30-rc1 y otras versiones anteriores a 2.6.31-rc6, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio de una secuencia de tramas beacon en los que una trama omite un Elemento de Informaci\u00f3n (IE) SSID y la trama posterior contiene un IE SSID, que desencadena una desreferencia de un puntero NULL en la funci\u00f3n cmp_ies. NOTA: tambi\u00e9n se abord\u00f3 una potencial debilidad en la funci\u00f3n is_mesh, pero la condici\u00f3n relevante no exist\u00eda en el c\u00f3digo, por lo que no es una vulnerabilidad."}], "id": "CVE-2009-2844", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-18T21:00:00.313", "references": [{"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=cd3468bad96c00b5a512f551674f36776129520e"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://jon.oberheide.org/files/cfg80211-remote-dos.c"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/36278"}, {"source": "cve@mitre.org", "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2009/08/17/1"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2009/08/17/2"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36052"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=cd3468bad96c00b5a512f551674f36776129520e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://jon.oberheide.org/files/cfg80211-remote-dos.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36278"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2009/08/17/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2009/08/17/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36052"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG.\n\nPlease note this issue only affected Linux kernel versions after v2.6.30-rc1 and was fixed in v2.6.31-rc6.", "lastModified": "2009-08-19T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object