CVE-2011-0521
kernel: av7110 negative array offset
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value.
La función dvb_ca_ioctl function en drivers/media/dvb/ttpci/av7110_ca.c para el kernel Linux anterior a v2.6.38-rc2 no comprueba el signo de un campo entero determinado, lo que permite a usuarios locales causar una denegación de servicio (corrupción de memoria) o posiblemente tener un impacto no especificado a través de un valor negativo.
Multiple vulnerabilities have been addressed in the Linux 2.6 kernel. Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. Vegard Nossum discovered that memory garbage collection was not handled correctly for active sockets. Nelson Elhage discovered that the kernel did not correctly handle process cleanup after triggering a recoverable kernel bug. Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl. Jens Kuehnel discovered that the InfiniBand driver contained a race condition. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-01-20 CVE Reserved
- 2011-01-31 CVE Published
- 2011-09-14 First Exploit
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cb26a24ee9706473f31d34cc259f4dcf45cd0644 | X_refsource_confirm | |
| http://secunia.com/advisories/43009 | Third Party Advisory | |
| http://secunia.com/advisories/46397 | Third Party Advisory | |
| http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc2 | Broken Link | |
| http://www.securityfocus.com/archive/1/520102/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/45986 | Third Party Advisory | |
| http://www.securitytracker.com/id?1025195 | Third Party Advisory | |
| http://www.vmware.com/security/advisories/VMSA-2011-0012.html | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64988 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/105078 | 2011-09-14 |
| URL | Date | SRC |
|---|---|---|
| http://openwall.com/lists/oss-security/2011/01/24/2 | 2023-02-13 | |
| http://openwall.com/lists/oss-security/2011/01/25/2 | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2011-0521 | 2011-04-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=672398 | 2011-04-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 2.6.38 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.38" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.38 Search vendor "Linux" for product "Linux Kernel" and version "2.6.38" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.38 Search vendor "Linux" for product "Linux Kernel" and version "2.6.38" | rc1 |
Affected
| ||||||