Multiple vulnerabilities in Linux kernel
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2011-1478 CVE-2011-1076 CVE-2011-1093 CVE-2011-1013 CVE-2011-1163 CVE-2011-1082 CVE-2011-0711 |
| CWE-ID | CWE-476 CWE-787 CWE-20 CWE-400 CWE-200 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #6 is available. |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU44578
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1478
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a malformed VLAN frame.
MitigationUpdate to version 2.6.38.
Vulnerable software versionsLinux kernel: 2.6.0 - 2.6.37.6
External linkshttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=66c46d741e2e60f0e8b625b80edb0ab820c46d7a
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6d152e23ad1a7a5b40fef1f42e017d66e6115159
http://mirror.anl.gov/pub/linux/kernel/v2.6/ChangeLog-2.6.38
http://openwall.com/lists/oss-security/2011/03/28/1
http://secunia.com/advisories/46397
http://securityreason.com/securityalert/8480
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://bugzilla.redhat.com/show_bug.cgi?id=691270
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU44642
Risk: Medium
CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1076
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel before 2.6.38 allows remote DNS servers to cause a denial of service (NULL pointer dereference and OOPS) by not providing a valid response to a DNS query, as demonstrated by an erroneous grand.centrall.org query, which triggers improper handling of error data within a DNS resolver key. A remote attacker can perform a denial of service (DoS) attack.
MitigationUpdate to version 2.6.38.
Vulnerable software versionsLinux kernel: 2.6.0 - 2.6.37.6
External linkshttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1362fa078dae16776cd439791c6605b224ea6171
http://openwall.com/lists/oss-security/2011/03/04/13
http://securitytracker.com/id?1025162
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU44878
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1093
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet. A remote attacker can perform a denial of service (DoS) attack.
MitigationUpdate to version 2.6.38.
Vulnerable software versionsLinux kernel: 2.6.0 - 2.6.37.6
External linkshttp://downloads.avaya.com/css/P8/documents/100145416
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=720dc34bbbe9493c7bd48b2243058b4e447a929d
http://openwall.com/lists/oss-security/2011/03/08/19
http://openwall.com/lists/oss-security/2011/03/08/4
http://rhn.redhat.com/errata/RHSA-2011-0833.html
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
http://www.securityfocus.com/bid/46793
http://bugzilla.redhat.com/show_bug.cgi?id=682954
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU45060
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1013
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 2.6.0 - 2.6.37.6
External linkshttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1922756124ddd53846877416d92ba4a802bc658f
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/drm_irq.c
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/drm_irq.c.diff?r1=1.41;r2=1.42;f=h
http://www.securityfocus.com/bid/47639
http://bugzilla.redhat.com/show_bug.cgi?id=679925
http://exchange.xforce.ibmcloud.com/vulnerabilities/67199
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU45141
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1163
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 2.6.0 - 2.6.37.6
External linkshttp://downloads.avaya.com/css/P8/documents/100145416
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
http://openwall.com/lists/oss-security/2011/03/15/14
http://openwall.com/lists/oss-security/2011/03/15/9
http://rhn.redhat.com/errata/RHSA-2011-0833.html
http://securityreason.com/securityalert/8189
http://securitytracker.com/id?1025225
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt
http://www.securityfocus.com/archive/1/517050
http://www.securityfocus.com/bid/46878
http://www.spinics.net/lists/mm-commits/msg82737.html
http://bugzilla.redhat.com/show_bug.cgi?id=688021
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource exhaustion
EUVDB-ID: #VU45145
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2011-1082
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 2.6.0 - 2.6.37.6
External linkshttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e
http://openwall.com/lists/oss-security/2011/03/02/1
http://openwall.com/lists/oss-security/2011/03/02/2
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
http://bugzilla.redhat.com/show_bug.cgi?id=681575
http://lkml.org/lkml/2011/2/5/220
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Information disclosure
EUVDB-ID: #VU45286
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-0711
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 2.6.0 - 2.6.37.6
External linkshttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba
http://openwall.com/lists/oss-security/2011/02/16/10
http://openwall.com/lists/oss-security/2011/02/16/4
http://osvdb.org/70950
http://rhn.redhat.com/errata/RHSA-2011-0927.html
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git3.log
http://www.securityfocus.com/bid/46417
http://bugzilla.redhat.com/show_bug.cgi?id=677260
http://patchwork.kernel.org/patch/555461/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
