CVE-2007-4997

NameCVE-2007-4997
DescriptionInteger underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1428-1
NVD severityhigh (attack range: remote)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
fai-kernelssourceetch1.17+etch.13etch5highDSA-1428-1
linux-2.6source(unstable)2.6.23-1high
linux-2.6sourceetch2.6.18.dfsg.1-13etch5highDSA-1428-1
user-mode-linuxsourceetch2.6.18-1um-2etch.13etch5highDSA-1428-1
Search for package or bug name: Reporting problems