CVE-2011-1576

Current Description

The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.

Basic Data

Published: August 31, 2011
Last Modified: April 22, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:A/AC:M/Au:N/C:N/I:N/A:C
CVSS 2 - Access Vector: ADJACENT_NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 5.7
Severity: MEDIUM
Exploitability Score: 5.5
Impact Score: 6.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
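      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | 2.3 | OS | Linux | Linux Kernel | 2.6.18 | * | * | * | * | * | * | * | | | | |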
    • OR Running on/with:
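      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | 2.3 | OS | Redhat | Enterprise Linux | 5 | * | * | * | * | * | * | * | | | | |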
  • OR - Configuration 2
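    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Redhat | Enterprise Virtualization Hypervisor | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux | 6.0 | * | * | * | * | * | * | * | | | | |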

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux | 5, 6.0 |
| Redhat | Enterprise Virtualization Hypervisor | * |
| Linux | Linux Kernel | 2.6.18 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| RHSA-2011:0927 | REDHAT | http://rhn.redhat.com/errata/RHSA-2011-0927.html | |
| RHSA-2011:1090 | REDHAT | http://www.redhat.com/support/errata/RHSA-2011-1090.html | Vendor Advisory |
| RHSA-2011:1106 | REDHAT | http://www.redhat.com/support/errata/RHSA-2011-1106.html | Vendor Advisory |
| 48907 | BID | http://www.securityfocus.com/bid/48907 | |
| 1025853 | SECTRACK | http://www.securitytracker.com/id?1025853 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=695173 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=695173 | Patch |