CVE-2011-2213

Current Description

The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.

Basic Data

Published: August 29, 2011
Last Modified: July 31, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-835
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 4.9
Severity: MEDIUM
Exploitability Score: 3.9
Impact Score: 6.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
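    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | OS | Linux | Linux Kernel | * | * | * | * | * | * | * | * | | | | 2.6.39.3 |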
  • OR - Configuration 2
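    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | OS | Redhat | Enterprise Linux Aus | 5.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Desktop | 5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Eus | 5.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Server | 5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Workstation | 5.0 | * | * | * | * | * | * | * | | | | |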

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux Workstation | 5.0 |
| Redhat | Enterprise Linux Eus | 5.6 |
| Redhat | Enterprise Linux Desktop | 5.0 |
| Redhat | Enterprise Linux Aus | 5.6 |
| Redhat | Enterprise Linux Server | 5.0 |
| Linux | Linux Kernel | * |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| [netdev] 20110601 inet_diag insufficient validation? | MLIST | http://article.gmane.org/gmane.linux.network/197206 | Broken Link |
| [netdev] 20110601 Re: inet_diag insufficient validation? | MLIST | http://article.gmane.org/gmane.linux.network/197208 | Broken Link |
| [netdev] 20110603 Re: inet_diag insufficient validation? | MLIST | http://article.gmane.org/gmane.linux.network/197386 | Broken Link |
| [netdev] 20110617 [PATCH] inet_diag: fix inet_diag_bc_audit() | MLIST | http://article.gmane.org/gmane.linux.network/198809 | Broken Link |
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=eeb1497277d6b1a0a34ed36b97e18f2bd7d6de0d | CONFIRM | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=eeb1497277d6b1a0a34ed36b | Patch, Vendor Advisory |
| HPSBGN02970 | HP | http://marc.info/?l=bugtraq&m=139447903326211&w=2 | Third Party Advisory |
| http://patchwork.ozlabs.org/patch/100857/ | CONFIRM | http://patchwork.ozlabs.org/patch/100857/ | Patch, Third Party Advisory |
| RHSA-2011:0927 | REDHAT | http://rhn.redhat.com/errata/RHSA-2011-0927.html | Third Party Advisory |
| http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3 | CONFIRM | http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3 | Broken Link |
| [oss-security] 20110620 CVE request: kernel: inet_diag: fix inet_diag_bc_audit() | MLIST | http://www.openwall.com/lists/oss-security/2011/06/20/1 | Mailing List, Third Party Advisory |
| [oss-security] 20110620 Re: CVE request: kernel: inet_diag: fix inet_diag_bc_audit() | MLIST | http://www.openwall.com/lists/oss-security/2011/06/20/13 | Mailing List, Third Party Advisory |
| [oss-security] 20110620 Re: CVE request: kernel: inet_diag: fix inet_diag_bc_audit() | MLIST | http://www.openwall.com/lists/oss-security/2011/06/20/16 | Mailing List, Third Party Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=714536 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=714536 | Issue Tracking, Third Party Advisory |