// For flags

CVE-2005-3274

 

Severity Score

4.7
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2005-10-20 CVE Reserved
  • 2005-10-20 CVE Published
  • 2024-02-09 EPSS Updated
  • 2024-10-15 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-476: NULL Pointer Dereference
CAPEC
References (22)
URL Tag Source
http://secunia.com/advisories/17826 Broken Link
http://secunia.com/advisories/18056 Broken Link
http://secunia.com/advisories/18684 Broken Link
http://secunia.com/advisories/18977 Broken Link
http://www.securityfocus.com/bid/15528 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11723 Broken Link
URL Date SRC
URL Date SRC
http://lkml.org/lkml/2005/6/23/249 2024-01-21
http://lkml.org/lkml/2005/6/24/173 2024-01-21
http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=e684f066dff5628bb61ad1912de6e8058b5b4c7d 2024-01-21
http://www.mandriva.com/security/advisories?name=MDKSA-2005:218 2024-01-21
http://www.mandriva.com/security/advisories?name=MDKSA-2005:219 2024-01-21
http://www.mandriva.com/security/advisories?name=MDKSA-2005:220 2024-01-21
http://www.mandriva.com/security/advisories?name=MDKSA-2005:235 2024-01-21
URL Date SRC
http://www.debian.org/security/2005/dsa-922 2024-01-21
http://www.redhat.com/support/errata/RHSA-2005-663.html 2024-01-21
http://www.redhat.com/support/errata/RHSA-2006-0190.html 2024-01-21
http://www.securityfocus.com/archive/1/427980/100/0/threaded 2024-01-21
http://www.securityfocus.com/archive/1/427981/100/0/threaded 2024-01-21
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:044 2024-01-21
https://usn.ubuntu.com/219-1 2024-01-21
https://access.redhat.com/security/cve/CVE-2005-3274 2006-02-01
https://bugzilla.redhat.com/show_bug.cgi?id=1617811 2006-02-01
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 2.4.0 <= 2.4.31
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.4.0 <= 2.4.31"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 2.6.0 < 2.6.13
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.0 < 2.6.13"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 3.1
Search vendor "Debian" for product "Debian Linux" and version "3.1"
-
Affected