Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-1494

Опубликовано: 05 апр. 2011
Источник: redhat
CVSS2: 7.2
EPSS Низкий

Описание

Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow.

Отчет

This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not provide support for MPT (Message Passing Technology) based controllers. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0833.html, and https://rhn.redhat.com/errata/RHSA-2011-0542.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4kernelNot affected
Red Hat Enterprise MRG 1realtime-kernelAffected
Red Hat Enterprise Linux 5kernelFixedRHSA-2011:083331.05.2011
Red Hat Enterprise Linux 6kernelFixedRHSA-2011:054219.05.2011
Red Hat Enterprise Linux 6.0 EUS - Server OnlykernelFixedRHSA-2011:088321.06.2011
Red Hat Enterprise MRG 2kernel-rtFixedRHSA-2011:125312.09.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=694021kernel: drivers/scsi/mpt2sas: prevent heap overflows

EPSS

Процентиль: 36%
0.00145
Низкий

7.2 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2011-1494

ubuntu
около 14 лет назад

Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow.

nvd логотип

CVE-2011-1494

nvd
около 14 лет назад

Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow.

debian логотип

CVE-2011-1494

debian
около 14 лет назад

Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/m ...

github логотип

GHSA-6p2h-v272-fh65

github
около 3 лет назад

Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow.

oracle-oval логотип

ELSA-2011-2016

oracle-oval
около 14 лет назад

ELSA-2011-2016: Unbreakable Enterprise kernel security fix update (IMPORTANT)

EPSS

Процентиль: 36%
0.00145
Низкий

7.2 High

CVSS2