{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-10-20T00:00:00", "descriptions": [{"lang": "en", "value": "include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-11-06T15:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=256df2f3879efdb2e9808bdb1b54b16fbb11fa38"}, {"name": "69721", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/69721"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114540"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:18.015Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=256df2f3879efdb2e9808bdb1b54b16fbb11fa38"}, {"name": "69721", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/69721"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114540"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3535", "datePublished": "2014-09-28T19:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:18.015Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C162EC4-E7AD-47B4-B974-EF9F9468E80F", "versionEndIncluding": "2.6.35.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35:*:*:*:*:*:*:*", "matchCriteriaId": "5480B0CF-B462-4172-9F6E-D94B451CF869", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35:rc1:*:*:*:*:*:*", "matchCriteriaId": "17ACC235-F2C3-42B5-9244-DCCDC4704BA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35:rc2:*:*:*:*:*:*", "matchCriteriaId": "EA4BC3D2-70FF-4EED-9DC8-B378F88F4D36", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35:rc3:*:*:*:*:*:*", "matchCriteriaId": "A7ACC123-06D8-4A3F-8730-AA7FF6EFBD35", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35:rc4:*:*:*:*:*:*", "matchCriteriaId": "3F6891F7-2B07-4A96-A0D6-AC528B7E0DD8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35:rc5:*:*:*:*:*:*", "matchCriteriaId": "657BCE5D-DC8B-4BE2-AED8-BC52C738F999", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35:rc6:*:*:*:*:*:*", "matchCriteriaId": "160E9402-241A-44AE-A92A-9629CA656F38", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2CD9FB1-AB83-427A-8923-97ED7ADFD63D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B2E5B71-BF7F-426A-BE5E-0481010725E0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35.3:*:*:*:*:*:*:*", "matchCriteriaId": "4540D1DF-9ED8-45DB-B868-BD195DDCB8B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35.4:*:*:*:*:*:*:*", "matchCriteriaId": "CB33FE45-7254-4F8D-AC22-0FEA559A8567", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35.5:*:*:*:*:*:*:*", "matchCriteriaId": "52E43E71-2F62-40E5-BF56-15D26806B7AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35.6:*:*:*:*:*:*:*", "matchCriteriaId": "B422B61F-AE80-4F86-AACA-F86EE47983A5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35.7:*:*:*:*:*:*:*", "matchCriteriaId": "BDA2DB37-7A2D-400D-889E-36175DCDF3FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35.8:*:*:*:*:*:*:*", "matchCriteriaId": "40C2CAA9-8EAF-43C7-B0CE-D1A09663C49B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35.9:*:*:*:*:*:*:*", "matchCriteriaId": "AA1CA35C-5F52-4095-B0EA-7A22481F4360", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35.10:*:*:*:*:*:*:*", "matchCriteriaId": "EDB46950-0C6F-4A13-9425-3FCAF3C09A75", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35.11:*:*:*:*:*:*:*", "matchCriteriaId": "55189BDD-5644-4B48-A94E-E71977F3376F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35.12:*:*:*:*:*:*:*", "matchCriteriaId": "D1DACBA1-004B-4416-A52B-235A607181AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface."}, {"lang": "es", "value": "include/linux/netdevice.h en el kernel de Linux anterior a 2.6.36 utiliza incorrectamente los macros para netdev_printk y su implementaci\u00f3n de registro relacionada, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo y ca\u00edda del sistema) mediante el envi\u00f3 de paquetes inv\u00e1lidos a una interfaz VxLAN."}], "id": "CVE-2014-3535", "lastModified": "2024-11-21T02:08:19.383", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-09-28T19:55:05.817", "references": [{"source": "[email protected]", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=256df2f3879efdb2e9808bdb1b54b16fbb11fa38"}, {"source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"], "url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/bid/69721"}, {"source": "[email protected]", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114540"}, {"source": "[email protected]", "tags": ["Exploit"], "url": "https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=256df2f3879efdb2e9808bdb1b54b16fbb11fa38"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69721"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114540"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "[email protected]", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:1167", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-431.29.2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-09-09T00:00:00Z"}, {"advisory": "RHSA-2014:1168", "cpe": "cpe:/o:redhat:enterprise_linux:6::hypervisor", "package": "rhev-hypervisor6-0:6.5-20140821.1.el6ev", "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6", "release_date": "2014-09-09T00:00:00Z"}], "bugzilla": {"description": "Kernel: netdevice.h: NULL pointer dereference over VxLAN", "id": "1114540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114540"}, "csaw": false, "cvss": {"cvss_base_score": "5.4", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "status": "verified"}, "cwe": "CWE-228->CWE-476", "details": ["include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface.", "A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface."], "name": "CVE-2014-3535", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2014-09-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3535\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3535"], "statement": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 7 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6. Future kernel updates for Red Hat Enterprise Linux 6\nmay address this issue.", "threat_severity": "Important"}