CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
61.7%
Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | linux | < 3.8.11-1 | linux_3.8.11-1_all.deb |
Debian | 11 | all | linux | < 3.8.11-1 | linux_3.8.11-1_all.deb |
Debian | 999 | all | linux | < 3.8.11-1 | linux_3.8.11-1_all.deb |
Debian | 13 | all | linux | < 3.8.11-1 | linux_3.8.11-1_all.deb |