VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 21, 2012· Updated Apr 29, 2026

CVE-2011-4914

CVE-2011-4914

Description

The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

19
  • Linux/Kernel17 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <=2.6.38.8
    • cpe:2.3:o:linux:linux_kernel:2.6.38:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.38.1:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.38.2:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.38.3:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.38.4:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.38.5:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.38.6:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.38.7:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.38:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.38:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.38:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.38:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.38:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.38:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.38:rc7:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.38:rc8:*:*:*:*:*:*
  • Novell/Suse Linux Enterprise Server
    cpe:2.3:o:novell:suse_linux_enterprise_server:10.0:sp4:*:*:ltss:*:*:*
  • Ubuntu/Linux Kernelllm-fuzzy
    Range: < 2.6.39

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.