Input validation error in Linux kernel - CVE-2011-1163
Published: April 10, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU45141
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2011-1163
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.
How to mitigate CVE-2011-1163
Install update from vendor's website.
Sources
- http://downloads.avaya.com/css/P8/documents/100145416
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
- http://openwall.com/lists/oss-security/2011/03/15/14
- http://openwall.com/lists/oss-security/2011/03/15/9
- http://rhn.redhat.com/errata/RHSA-2011-0833.html
- http://securityreason.com/securityalert/8189
- http://securitytracker.com/id?1025225
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
- http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt
- http://www.securityfocus.com/archive/1/517050
- http://www.securityfocus.com/bid/46878
- http://www.spinics.net/lists/mm-commits/msg82737.html
- https://bugzilla.redhat.com/show_bug.cgi?id=688021