CVE-2011-1593

Current Description

Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.

Basic Data

Published: May 03, 2011
Last Modified: August 05, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-190
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 4.9
Severity: MEDIUM
Exploitability Score: 3.9
Impact Score: 6.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

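  • OR - Configuration 1
    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | OS | Linux | Linux Kernel | * | * | * | * | * | * | * | * | | | | 2.6.38.4 |
  • OR - Configuration 2
    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | OS | Redhat | Enterprise Linux | 5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Aus | 5.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Desktop | 5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Eus | 5.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Server | 5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Workstation | 5.0 | * | * | * | * | * | * | * | | | | |
  • OR - Configuration 3
    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | OS | Canonical | Ubuntu Linux | 8.04 | * | * | * | lts | * | * | * | | | | |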

Vulnerable Software List

| Vendor | Product | Versions |
| Redhat | Enterprise Linux Workstation | 5.0 |
| Redhat | Enterprise Linux Eus | 5.6 |
| Redhat | Enterprise Linux | 5.0 |
| Redhat | Enterprise Linux Desktop | 5.0 |
| Redhat | Enterprise Linux Aus | 5.6 |
| Redhat | Enterprise Linux Server | 5.0 |
| Canonical | Ubuntu Linux | 8.04 |
| Linux | Linux Kernel | * |

References

| Name | Source | URL | Tags |
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c78193e9c7bcbf25b8237ad0dec82f805c4ea69b | CONFIRM | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c78193e9c7bcbf25b8237ad0 | Patch, Vendor Advisory |
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d8bdc59f215e62098bc5b4256fd9928bf27053a1 | CONFIRM | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d8bdc59f215e62098bc5b425 | Patch, Vendor Advisory |
| [linux-kernel] 20110418 Re: Kernel panic (NULL ptr deref?) in find_ge_pid()/next_pidmap() (via sys_getdents or sys_readdir) | MLIST | http://groups.google.com/group/fa.linux.kernel/msg/4a28ecb7f755a88d?dmode=source | Exploit, Third Party Advisory |
| [oss-security] 20110419 CVE request -- kernel: proc: signedness issue in next_pidmap() | MLIST | http://openwall.com/lists/oss-security/2011/04/19/1 | Mailing List, Patch, Third Party Advisory |
| [oss-security] 20110420 Re: CVE request -- kernel: proc: signedness issue in next_pidmap() | MLIST | http://openwall.com/lists/oss-security/2011/04/20/1 | Mailing List, Patch, Third Party Advisory |
| RHSA-2011:0927 | REDHAT | http://rhn.redhat.com/errata/RHSA-2011-0927.html | Third Party Advisory |
| 44164 | SECUNIA | http://secunia.com/advisories/44164 | Third Party Advisory, Vendor Advisory |
| 1025420 | SECTRACK | http://securitytracker.com/id?1025420 | Third Party Advisory, VDB Entry |
| http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.4 | CONFIRM | http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.4 | Release Notes, Vendor Advisory |
| 47497 | BID | http://www.securityfocus.com/bid/47497 | Third Party Advisory, VDB Entry |
| USN-1146-1 | UBUNTU | http://www.ubuntu.com/usn/USN-1146-1 | Third Party Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=697822 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=697822 | Issue Tracking, Patch, Third Party Advisory |
| kernel-nextpidmap-dos(66876) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/66876 | Third Party Advisory, VDB Entry |