CVE-2011-2898

Опубликовано: 07 июн. 2011

Источник: redhat

CVSS2: 1.9

EPSS Низкий

Описание

net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application.

Отчет

This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit 393e52e3 that introduced this flaw. This has been addressed in Red Hat Enterprise Linux 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1350.html and https://rhn.redhat.com/errata/RHSA-2012-0010.html.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 4	kernel	Not affected
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2011:1350	05.10.2011
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2012:0010	10.01.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

https://bugzilla.redhat.com/show_bug.cgi?id=728023kernel: af_packet: infoleak

EPSS

Процентиль: 24%

0.00078

Низкий

1.9 Low

CVSS2

Связанные уязвимости

CVE-2011-2898

CVSS3: 5.5

ubuntu

около 13 лет назад

CVE-2011-2898

CVSS3: 5.5

nvd

около 13 лет назад

CVE-2011-2898

CVSS3: 5.5

debian

около 13 лет назад

net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not pr ...

GHSA-xj6c-4x5p-6pj3

CVSS3: 5.5

github

около 3 лет назад

ELSA-2011-2029

oracle-oval

почти 14 лет назад

ELSA-2011-2029: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 24%

0.00078

Низкий

1.9 Low

CVSS2