CVE-2011-3353

Опубликовано: 28 июл. 2011

Источник: redhat

CVSS2: 4.6

EPSS Низкий

Описание

Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.

Отчет

This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as they did not provide support for FUSE. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 as they did not backport the upstream commit 3b463ae0c6264f that introduced this issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1465.html and https://rhn.redhat.com/errata/RHSA-2012-0010.html.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 4	kernel	Not affected
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2011:1465	22.11.2011
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2012:0010	10.01.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=736761kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message

EPSS

Процентиль: 18%

0.00057

Низкий

4.6 Medium

CVSS2

Связанные уязвимости

CVE-2011-3353

CVSS3: 5.5

ubuntu

около 13 лет назад

CVE-2011-3353

CVSS3: 5.5

nvd

около 13 лет назад

CVE-2011-3353

CVSS3: 5.5

debian

около 13 лет назад

Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev ...

GHSA-m294-4q6f-hm62

CVSS3: 5.5

github

около 3 лет назад

ELSA-2011-2033

oracle-oval

больше 13 лет назад

ELSA-2011-2033: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 18%

0.00057

Низкий

4.6 Medium

CVSS2