CVE-2011-1576
kernel: net: Fix memory leak/corruption on VLAN GRO_DROP
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.
Vulnerabilidad en la implementación de Generic Receive Offload (GRO) en el kernel de Linux versión 2.6.18 en Red Hat Enterprise Linux versiones 5 y 2.6.32 en Red Hat Enterprise Linux versión 6, tal y como se utiliza en el Hypervisor Red Hat Enterprise Virtualization (RHEV) y otros productos, permite a los atacantes remotos generar un denegación de servicio mediante paquetes VLAN creados que son procesados por la función napi_reuse_skb, lo que conduce a (1) una fuga de memoria o (2) daños en la memoria, una vulnerabilidad diferente a CVE-2011-1478.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-04-05 CVE Reserved
- 2011-07-15 CVE Published
- 2023-03-31 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/48907 | Vdb Entry | |
| http://www.securitytracker.com/id?1025853 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=695173 | 2011-09-12 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2011-0927.html | 2023-02-13 | |
| http://www.redhat.com/support/errata/RHSA-2011-1090.html | 2023-02-13 | |
| http://www.redhat.com/support/errata/RHSA-2011-1106.html | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2011-1576 | 2011-09-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.18 Search vendor "Linux" for product "Linux Kernel" and version "2.6.18" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 5 Search vendor "Redhat" for product "Enterprise Linux" and version "5" | - |
Affected
|
| Redhat Search vendor "Redhat" | Enterprise Virtualization Hypervisor Search vendor "Redhat" for product "Enterprise Virtualization Hypervisor" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0" | - |
Affected
| ||||||