Updated: 2025-03-13 21:52:26.580528
Description:
In the Linux kernel, the following vulnerability has been resolved:

net/rose: prevent integer overflows in rose_setsockopt()

In case of possible unpredictably large arguments passed to rose_setsockopt() and multiplied by extra values on top of that, integer overflows may occur. Do the safest minimum and fix these issues by checking the contents of 'opt' and returning -EINVAL if they are too large. Also, switch to unsigned int and remove useless check for negative 'opt' in ROSE_IDLE case.

Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | MEDIUM | 5.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | kernel | 5.14.0 | 5.5 | MEDIUM | Ignored | | 2025-03-10 22:52:31 | |
AlmaLinux 9.6 ESU | kernel | 5.14.0 | 5.5 | MEDIUM | Ignored | | 2025-07-05 02:18:06 | |
CentOS 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | | 2025-03-10 22:52:32 | |
CentOS 7 ELS | kernel | 3.10.0 | 5.5 | MEDIUM | Ignored | | 2025-03-10 22:52:28 | |
CentOS 8.4 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | | 2025-03-10 22:52:29 | |
CentOS 8.5 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | | 2025-03-10 22:52:30 | |
CentOS Stream 8 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | | 2025-03-11 00:54:10 | |
CloudLinux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | | 2025-03-10 22:52:32 | |
CloudLinux 7 ELS | kernel | 3.10.0 | 5.5 | MEDIUM | Ignored | | 2025-03-11 00:54:09 | |
Oracle Linux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | | 2025-03-11 00:54:11 | |