CVE-2011-1163

medium

Description

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

References

https://bugzilla.redhat.com/show_bug.cgi?id=688021

http://www.spinics.net/lists/mm-commits/msg82737.html

http://www.securityfocus.com/bid/46878

http://www.securityfocus.com/archive/1/517050

http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt

http://securitytracker.com/id?1025225

http://securityreason.com/securityalert/8189

http://rhn.redhat.com/errata/RHSA-2011-0833.html

http://openwall.com/lists/oss-security/2011/03/15/9

http://openwall.com/lists/oss-security/2011/03/15/14

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05

http://downloads.avaya.com/css/P8/documents/100145416

Details

Source: Mitre, NVD

Published: 2011-04-10

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium