CVE-2011-1090

Опубликовано: 05 мар. 2011

Источник: redhat

CVSS2: 4.9

Описание

The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL.

Отчет

This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not backport the upstream commit 4b580ee3 that introduced this issue. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0429.html, https://rhn.redhat.com/errata/RHSA-2011-0542.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise MRG 1	realtime-kernel	Affected
Red Hat Enterprise Linux 5	kernel	Fixed	RHSA-2011:0429	12.04.2011
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2011:0542	19.05.2011
Red Hat Enterprise Linux 6.0 EUS - Server Only	kernel	Fixed	RHSA-2011:0883	21.06.2011
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2011:1253	12.09.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=682641kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab

4.9 Medium

CVSS2

Связанные уязвимости

CVE-2011-1090

ubuntu

около 14 лет назад

CVE-2011-1090

nvd

около 14 лет назад

CVE-2011-1090

debian

около 14 лет назад

The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux ker ...

GHSA-fm35-8g86-28j5

github

около 3 лет назад

ELSA-2011-0429

oracle-oval

около 14 лет назад

ELSA-2011-0429: kernel security and bug fix update (IMPORTANT)

4.9 Medium

CVSS2