CVE-2007-2525

Description

Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized.

4.9

CVSS

Severity: Medium

CVSS 2.0 •

EPSS 0.09%

Vendor Advisory novell.com Vendor Advisory novell.com Vendor Advisory mandriva.com Vendor Advisory ubuntu.com Vendor Advisory debian.org Vendor Advisory debian.org Vendor Advisory mandriva.com Vendor Advisory ubuntu.com Vendor Advisory mandriva.com Vendor Advisory debian.org Vendor Advisory redhat.com Vendor Advisory ubuntu.com Vendor Advisory redhat.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory vupen.com

Affected: n/a n/a

References

Link	Tags
http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.21-git8.log	patch
http://www.vupen.com/english/advisories/2007/1703	vdb entry vendor advisory
http://secunia.com/advisories/27227	third party advisory vendor advisory
http://secunia.com/advisories/26664	third party advisory vendor advisory
http://www.novell.com/linux/security/advisories/2007_51_kernel.html	vendor advisory
http://www.novell.com/linux/security/advisories/2007_53_kernel.html	vendor advisory
http://secunia.com/advisories/26289	third party advisory vendor advisory
http://www.securityfocus.com/bid/23870	vdb entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10594	signature vdb entry
http://secunia.com/advisories/25838	third party advisory vendor advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:171	vendor advisory
http://www.ubuntu.com/usn/usn-510-1	vendor advisory
http://www.debian.org/security/2008/dsa-1504	vendor advisory
http://www.debian.org/security/2007/dsa-1356	vendor advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216	vendor advisory
http://secunia.com/advisories/26620	third party advisory vendor advisory
http://www.ubuntu.com/usn/usn-489-1	vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34150	vdb entry
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196	vendor advisory
http://secunia.com/advisories/25163	patch vendor advisory third party advisory
http://www.debian.org/security/2008/dsa-1503	vendor advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm
http://secunia.com/advisories/29058	third party advisory vendor advisory
https://rhn.redhat.com/errata/RHSA-2007-0376.html	vendor advisory
http://www.ubuntu.com/usn/usn-486-1	vendor advisory
http://secunia.com/advisories/26450	third party advisory vendor advisory
http://secunia.com/advisories/25700	third party advisory vendor advisory
http://secunia.com/advisories/26139	third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2007-0488.html	vendor advisory
http://secunia.com/advisories/26133	third party advisory vendor advisory

Frequently Asked Questions

What is the severity of CVE-2007-2525?: CVE-2007-2525 has been scored as a medium severity vulnerability.
How to fix CVE-2007-2525?: To fix CVE-2007-2525, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2007-2525 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2007-2525 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.