CVE-2006-1368 — Vulnetix

Try Vulnetix Request Demo

CVE-2006-1368 PUBLISHED CVSS 10 CRITICAL

Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be allocated for the reply data but not the reply structure.

EPSS 3.10% · 86.7th percentile

Risk Scores

CVSS v2.0

10

EPSS Score

3.10%

86.7th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	0
n/a	n/a	n/a

Timeline

Mar 23, 2006 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
Apr 11, 2023 EPSS Score
May 19, 2023 EPSS Score
Aug 16, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

17831 vdb
ADV-2006-2554 vdb
USN-281-1 vendor-advisory
ADV-2006-1046 vdb
MDKSA-2006:123 vendor-advisory
DSA-1097 vendor-advisory
19955 third-party-advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16 url
DSA-1103 vendor-advisory
21045 third-party-advisory
19330 third-party-advisory
20671 third-party-advisory
20914 third-party-advisory
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8763716bfe4d8a16bef28c9947cf9d799b1796a5 url
https://nvd.nist.gov/vuln/detail/CVE-2006-1368 advisory
https://usn.ubuntu.com/281-1 url
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8763716bfe4d8a16bef28c9947cf9d799b1796a5 url

Open in Interactive Console →