Back to CVE Browser

CVE-2006-1368

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1430%

EPSS Percentile36.58th

PublishedMar 23, 2006

Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be allocated for the reply data but not the reply structure.

Affected Platforms (CPE)

💻

Linux

Linux Kernel

<= 2.6.15

References & Advisories

🔗 http://secunia.com/advisories/19330

🔗 http://secunia.com/advisories/19955

🔗 http://secunia.com/advisories/20671

🔗 http://secunia.com/advisories/20914

🔗 http://secunia.com/advisories/21045

🔗 http://www.debian.org/security/2006/dsa-1097

🔗 http://www.debian.org/security/2006/dsa-1103

🔗 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8763716bfe4d8a16bef28c9947cf9d799b1796a5

Related Vulnerabilities

CVE-2000-074710.0

The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and k...

CVE-2002-157210.0

Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown imp...

CVE-2000-050610.0

The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting th...

CVE-2002-157310.0

Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and...