Vulnerability CVE-2011-1163
Published: 2011-04-09   Modified: 2012-02-13

Description:
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Linux Kernel 2.4 and 2.6 disclosure of sensitive information
Timo Warns
12.04.2011

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Linux -> Kernel 
Linux -> Linux kernel 

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=688021
http://www.spinics.net/lists/mm-commits/msg82737.html
http://openwall.com/lists/oss-security/2011/03/15/9
http://openwall.com/lists/oss-security/2011/03/15/14
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05
http://www.securityfocus.com/bid/46878
http://www.securityfocus.com/archive/1/517050
http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
http://securitytracker.com/id?1025225
http://securityreason.com/securityalert/8189
http://rhn.redhat.com/errata/RHSA-2011-0833.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
http://downloads.avaya.com/css/P8/documents/100145416
Copyright 2024, cxsecurity.com

 

Back to Top