CVE-2011-4098

The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=64dd153c83743af81f20924c6343652d731eeecb
http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.2.bz2	Patch
https://github.com/torvalds/linux/commit/64dd153c83743af81f20924c6343652d731eeecb
https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=fadca7bdc43b02f518585d9547019966415cadfd
https://www.redhat.com/archives/cluster-devel/2011-September/msg00064.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::rc7::::::*
	cpe:2.3:o:linux:linux_kernel:3.2:rc2::::::
	cpe:2.3:o:linux:linux_kernel:3.2:rc3::::::
	cpe:2.3:o:linux:linux_kernel:3.2:rc4::::::
	cpe:2.3:o:linux:linux_kernel:3.2:rc5::::::
	cpe:2.3:o:linux:linux_kernel:3.2:rc6::::::

History

No history.

Information

Published : 2013-06-08 13:05

Updated : 2024-02-04 18:16

NVD link : CVE-2011-4098

Mitre link : CVE-2011-4098

CVE.ORG link : CVE-2011-4098

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2011-4098", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-06-08T13:05:55.490", "references": [{"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=64dd153c83743af81f20924c6343652d731eeecb", "source": "secalert@redhat.com"}, {"url": "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.2.bz2", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://github.com/torvalds/linux/commit/64dd153c83743af81f20924c6343652d731eeecb", "source": "secalert@redhat.com"}, {"url": "https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=fadca7bdc43b02f518585d9547019966415cadfd", "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/cluster-devel/2011-September/msg00064.html", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory."}, {"lang": "es", "value": "La implementaci\u00f3n de fallocate en el sistema de ficheros GFS2 de los kernel Linux anteriores a v3.2 conf\u00eda en la cach\u00e9, pudiendo permitir a usuarios locales provocar una denegaci\u00f3n de servicio mediante la pre-asignaci\u00f3n de bloques que suponen ciertas situaciones de memoria insuficiente."}], "lastModified": "2023-11-07T02:09:15.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A441F38B-6D44-4E61-8791-9E174767E496", "versionEndIncluding": "3.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99372D07-C06A-41FA-9843-6D57F99AB5AF"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B9DC110-D260-4DB4-B8B0-EF1D160ADA07"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6192FE84-4D53-40D4-AF61-78CE7136141A"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42FEF3CF-1302-45EB-89CC-3786FE4BAC1F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE6A6B58-2C89-4DE4-BA57-78100818095C"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}