Multiple vulnerabilities in Linux kernel
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2011-2707 CVE-2011-2918 CVE-2011-3188 CVE-2011-3191 CVE-2011-3353 CVE-2011-4081 CVE-2011-2699 CVE-2011-4594 CVE-2011-4112 |
| CWE-ID | CWE-200 CWE-400 CWE-20 CWE-119 CWE-120 CWE-476 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU44027
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2011-2707
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to #BASIC_IMPACT#.
The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 3.0 - 3.0.101
CPE2.3 External linkshttps://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d0138ebe24b94065580bd2601f8bb7eb6152f56
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
https://www.openwall.com/lists/oss-security/2011/07/20/18
https://github.com/torvalds/linux/commit/0d0138ebe24b94065580bd2601f8bb7eb6152f56
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource exhaustion
EUVDB-ID: #VU44029
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2011-2918
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 3.0 - 3.0.101
CPE2.3https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8b0ca17b80e92faab46ee7179ba9e99ccb61233
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
https://www.openwall.com/lists/oss-security/2011/08/16/1
https://bugzilla.redhat.com/show_bug.cgi?id=730706
https://github.com/torvalds/linux/commit/a8b0ca17b80e92faab46ee7179ba9e99ccb61233
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Input validation error
EUVDB-ID: #VU44030
Risk: High
CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2011-3188
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 3.0 - 3.0.101
CPE2.3https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc0b96b54a21246e377122d54569eef71cec535f
https://marc.info/?l=bugtraq&m=139447903326211&w=2
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
https://www.openwall.com/lists/oss-security/2011/08/23/2
https://bugzilla.redhat.com/show_bug.cgi?id=732658
https://github.com/torvalds/linux/commit/6e5714eaf77d79ae1c8b47e3e040ff5411b717ec
https://github.com/torvalds/linux/commit/bc0b96b54a21246e377122d54569eef71cec535f
https://support.f5.com/csp/article/K15301?utm_source=f5support&utm_medium=RSS
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU44031
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2011-3191
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 3.0 - 3.0.101
CPE2.3https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9438fabb73eb48055b58b89fc51e0bc4db22fabd
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
https://www.openwall.com/lists/oss-security/2011/08/24/2
https://bugzilla.redhat.com/show_bug.cgi?id=732869
https://github.com/torvalds/linux/commit/9438fabb73eb48055b58b89fc51e0bc4db22fabd
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU44032
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2011-3353
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 3.0 - 3.0.101
CPE2.3https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c2183d1e9b3f313dd8ba2b1b0197c8d9fb86a7ae
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
https://www.openwall.com/lists/oss-security/2011/09/09/6
https://bugzilla.redhat.com/show_bug.cgi?id=736761
https://github.com/torvalds/linux/commit/c2183d1e9b3f313dd8ba2b1b0197c8d9fb86a7ae
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU44036
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-4081
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket. A remote attacker can perform a denial of service (DoS) attack.
MitigationUpdate to version 3.1.
Vulnerable software versionsLinux kernel: 3.0 - 3.0.101
CPE2.3https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
https://www.openwall.com/lists/oss-security/2011/10/27/2
https://bugzilla.redhat.com/show_bug.cgi?id=749475
https://github.com/torvalds/linux/commit/7ed47b7d142ec99ad6880bbbec51e9f12b3af74c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU44040
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2699
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 3.0 - 3.0.101
CPE2.3https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=87c48fa3b4630905f98268dde838ee43626a060c
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.openwall.com/lists/oss-security/2011/07/20/5
https://www.securitytracker.com/id?1027274
https://bugzilla.redhat.com/show_bug.cgi?id=723429
https://github.com/torvalds/linux/commit/87c48fa3b4630905f98268dde838ee43626a060c
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL pointer dereference
EUVDB-ID: #VU44074
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2011-4594
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 3.0 - 3.0.101
CPE2.3https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc909d9ddbf7778371e36a651d6e4194b1cc7d4c
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
https://www.openwall.com/lists/oss-security/2011/12/08/4
https://bugzilla.redhat.com/show_bug.cgi?id=761646
https://github.com/torvalds/linux/commit/bc909d9ddbf7778371e36a651d6e4194b1cc7d4c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU44081
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2011-4112
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 3.0 - 3.0.101
CPE2.3https://downloads.avaya.com/css/P8/documents/100156038
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=550fd08c2cebad61c548def135f67aba284c6162
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
https://www.openwall.com/lists/oss-security/2011/11/21/4
https://bugzilla.redhat.com/show_bug.cgi?id=751006
https://github.com/torvalds/linux/commit/550fd08c2cebad61c548def135f67aba284c6162
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
