CVE-2011-1746

Current Description

Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages.

Basic Data

PublishedMay 09, 2011
Last ModifiedJuly 28, 2020
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-189
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score6.9
SeverityMEDIUM
Exploitability Score3.4
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSLinuxLinux Kernel********2.6.38.5
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSRedhatEnterprise Linux5.0*******
    2.3OSRedhatEnterprise Linux Aus5.6*******
    2.3OSRedhatEnterprise Linux Desktop5.0*******
    2.3OSRedhatEnterprise Linux Eus5.6*******
    2.3OSRedhatEnterprise Linux Server5.0*******
    2.3OSRedhatEnterprise Linux Workstation5.0*******

Vulnerable Software List

VendorProductVersions
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Eus 5.6
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Aus 5.6
Redhat Enterprise Linux Server 5.0
Linux Linux Kernel *

References

NameSourceURLTags
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b522f02184b413955f3bc952e3776ce41edc6355http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b522f02184b413955f3bc952CONFIRMPatch Vendor Advisory
[oss-security] 20110421 CVE request: kernel: buffer overflow and DoS issues in agphttp://openwall.com/lists/oss-security/2011/04/21/4MLISTMailing List Patch Third Party Advisory
[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agphttp://openwall.com/lists/oss-security/2011/04/22/7MLISTMailing List Patch Third Party Advisory
RHSA-2011:0927http://rhn.redhat.com/errata/RHSA-2011-0927.htmlREDHATThird Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5CONFIRMRelease Notes Vendor Advisory
47535http://www.securityfocus.com/bid/47535BIDThird Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=698998https://bugzilla.redhat.com/show_bug.cgi?id=698998CONFIRMIssue Tracking Patch Third Party Advisory
[linux-kernel] 20110414 [PATCH] char: agp: fix OOM and buffer overflowhttps://lkml.org/lkml/2011/4/14/294MLISTPatch Third Party Advisory
[linux-kernel] 20110419 Re: [PATCH] char: agp: fix OOM and buffer overflowhttps://lkml.org/lkml/2011/4/19/400MLISTThird Party Advisory