Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3535

include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface.

Published

2014-09-28T19:55:05.817

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

6.9

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System linux linux_kernel ≤ 2.6.35.13 Yes
Operating System linux linux_kernel 2.6.35 Yes
Operating System linux linux_kernel 2.6.35 Yes
Operating System linux linux_kernel 2.6.35 Yes
Operating System linux linux_kernel 2.6.35 Yes
Operating System linux linux_kernel 2.6.35 Yes
Operating System linux linux_kernel 2.6.35 Yes
Operating System linux linux_kernel 2.6.35 Yes
Operating System linux linux_kernel 2.6.35.1 Yes
Operating System linux linux_kernel 2.6.35.2 Yes
Operating System linux linux_kernel 2.6.35.3 Yes
Operating System linux linux_kernel 2.6.35.4 Yes
Operating System linux linux_kernel 2.6.35.5 Yes
Operating System linux linux_kernel 2.6.35.6 Yes
Operating System linux linux_kernel 2.6.35.7 Yes
Operating System linux linux_kernel 2.6.35.8 Yes
Operating System linux linux_kernel 2.6.35.9 Yes
Operating System linux linux_kernel 2.6.35.10 Yes
Operating System linux linux_kernel 2.6.35.11 Yes
Operating System linux linux_kernel 2.6.35.12 Yes
References