CVE-2011-1163
kernel: fs/partitions: Corrupted OSF partition table infoleak
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.
La función ofs/partitions/osf.c en el kernel de linux anterior a v2.6.38 no maneja correctamente un número inválido de particiones, lo que permite a usuarios locales obtner información sensible del heap mediante vectores relacionados con el análisis de la tabla de particiones.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-03-03 CVE Reserved
- 2011-03-17 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://downloads.avaya.com/css/P8/documents/100145416 | Third Party Advisory | |
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05 | X_refsource_confirm | |
| http://securityreason.com/securityalert/8189 | Third Party Advisory | |
| http://securitytracker.com/id?1025225 | Third Party Advisory | |
| http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38 | Broken Link | |
| http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/517050 | Mailing List | |
| http://www.securityfocus.com/bid/46878 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://openwall.com/lists/oss-security/2011/03/15/14 | 2023-02-13 | |
| http://openwall.com/lists/oss-security/2011/03/15/9 | 2023-02-13 | |
| http://www.spinics.net/lists/mm-commits/msg82737.html | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=688021 | 2011-06-21 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2011-0833.html | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2011-1163 | 2011-06-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 2.6.38 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.38" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 10 Search vendor "Suse" for product "Linux Enterprise Server" and version "10" | sp4, ltss |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 5.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "5.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "5.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 5.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "5.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "5.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||