CVE-2012-0038

Published: 16 Dec 2011
Source: redhat
CVSS2: 6.2
EPSS: Low

Description

Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow.

Report

This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not have support for the XFS file system. It did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 5 as it did not backport the upstream commit ef14f0c1 that introduced the vulnerability. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0350.html, and https://rhn.redhat.com/errata/RHSA-2012-0333.html.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | kernel | Not affected | | |
| Red Hat Enterprise Linux 5 | kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2012:0350 | 06.03.2012 |
| Red Hat Enterprise Linux 6.1 EUS - Server Only | kernel | Fixed | RHSA-2012:1042 | 26.06.2012 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2012:0333 | 23.02.2012 |

Additional information

Status: Moderate

EPSS: 0.00063 (percentile: 20%, Low)

CVSS2: 6.2 Medium

Related vulnerabilities

CVSS3: 5.5
ubuntu
about 13 years ago

Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow.

CVSS3: 5.5
nvd
about 13 years ago

Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow.

CVSS3: 5.5
debian
about 13 years ago

Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c ...

CVSS3: 5.5
github
about 3 years ago

Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow.

oracle-oval
more than 13 years ago

ELSA-2012-2003: Unbreakable Enterprise kernel security and bug fix update (IMPORTANT)
