CVE-2011-2689
kernel: gfs2: make sure fallocate bytes is a multiple of blksize
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.
La función gfs2_fallocate en fs/gfs2/file.c en el kernel de Linux anterior a v3.0-rc1 no garantiza que el tamaño de un trozo de asignación sea un múltiplo del tamaño de bloque, lo que permite a usuarios locales provocar una denegación de servicio (BUG y caída del sistema) mediante la organización de todos los grupos de recursos para tener un espacio libre muy reducido.
Updated kernel packages that fix several security issues, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-07-11 CVE Reserved
- 2011-07-21 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6905d9e4dda6112f007e9090bca80507da158e63 | X_refsource_confirm | |
| http://secunia.com/advisories/45193 | Third Party Advisory | |
| http://securitytracker.com/id?1025776 | Third Party Advisory | |
| http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc1 | Broken Link | |
| http://www.securityfocus.com/bid/48677 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68557 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2011/07/13/1 | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=720861 | 2011-08-23 |
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=139447903326211&w=2 | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2011-1065.html | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2011-2689 | 2011-08-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 3.0 Search vendor "Linux" for product "Linux Kernel" and version " < 3.0" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0 Search vendor "Linux" for product "Linux Kernel" and version "3.0" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.0 Search vendor "Linux" for product "Linux Kernel" and version "3.0" | rc1 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "5.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "5.0" | - |
Affected
| ||||||