CVE-2011-1163

Sažetak

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

Reference

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
https://bugzilla.redhat.com/show_bug.cgi?id=688021
http://securitytracker.com/id?1025225
http://openwall.com/lists/oss-security/2011/03/15/14
http://openwall.com/lists/oss-security/2011/03/15/9
http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt
http://www.spinics.net/lists/mm-commits/msg82737.html
http://www.securityfocus.com/archive/1/517050
http://www.securityfocus.com/bid/46878
http://securityreason.com/securityalert/8189
http://rhn.redhat.com/errata/RHSA-2011-0833.html
http://downloads.avaya.com/css/P8/documents/100145416
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

13-02-2023 - 01:19

Objavljeno

10-04-2011 - 02:51