Buffer overflow in Linux kernel - CVE-2011-4098
Published: June 8, 2013 / Updated: August 11, 2020
Vulnerability identifier: #VU42787
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2011-4098
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory.
How to mitigate CVE-2011-4098
Install update from vendor's website.
Sources
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=64dd153c83743af81f20924c6343652d731eeecb
- http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.2.bz2
- https://github.com/torvalds/linux/commit/64dd153c83743af81f20924c6343652d731eeecb
- https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=fadca7bdc43b02f518585d9547019966415cadfd
- https://www.redhat.com/archives/cluster-devel/2011-September/msg00064.html