Lumension® Endpoint Intelligence Center



Id SUSE-2011:4884
Name Novell SUSE 2011:4884 kernel security update for SLE 11 SP1 i586
Vendor Name novell
Product None
Content Type Critical - 01
Operating System(s) Linux 
Released On 17 Jul 2011 12:00:00



The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to and fixes various bugs and security issues.

The following security issues were fixed:

* CVE-2011-2496: The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition.
* CVE-2011-2491: A local unprivileged user able to access an NFS filesystem could use file locking to deadlock parts of an NFS server under some circumstances.
* CVE-2011-2183: Fixed a race between ksmd and other memory management code, which could result in a NULL pointer dereference and kernel crash.
* CVE-2011-2517: In both trigger_scan and sched_scan operations, we were checking for the SSID length before assigning the value correctly. Since the memory was just kzalloced, the check was always failing and SSIDs with over 32 characters were allowed to go through. This required CAP_NET_ADMIN privileges to be exploited.
* CVE-2011-2213: A malicious user or buggy application could inject diagnosing byte code and trigger an infinite loop in inet_diag_bc_audit().
* CVE-2011-1017, CVE-2011-1012, CVE-2011-2182: The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions.
* CVE-2011-1593: Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.
* CVE-2011-1020: The proc filesystem implementation in the Linux kernel did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
* CVE-2011-1585: When using a setuid root mount.cifs, local users could hijack password-protected mounted CIFS shares of other local users.
* CVE-2011-1160: Kernel information via the TPM devices could be used by local attackers to read kernel memory.
* CVE-2011-1577: The Linux kernel automatically evaluated partition tables of storage devices. The code for evaluating EFI GUID partitions (in fs/partitions/efi.c) contained a bug that causes a kernel oops on certain corrupted GUID partition tables, which might be used by local attackers to crash the kernel or potentially execute code.
* CVE-2011-1078: In a Bluetooth ioctl, struct sco_conninfo has one padding byte at the end. Local variable cinfo of type sco_conninfo was copied to userspace with this one uninitialized byte, leading to a leak of old stack contents.
* CVE-2011-1079: In a Bluetooth ioctl, struct ca is copied from userspace. It was not checked whether the "device" field was NULL-terminated. This potentially leads to BUG() inside of alloc_netdev_mqs() and/or an information leak by creating a device with a name made of contents of the kernel stack.
* CVE-2011-1080: In ebtables rule loading,

Related Resources

Related Vulnerabilities

CVE-2011-1017   CVE-2011-1012   CVE-2011-1585   CVE-2011-1160   CVE-2011-1577   CVE-2011-1020   CVE-2011-1078   CVE-2011-1079   CVE-2011-1080   CVE-2011-1170   CVE-2011-1171   CVE-2011-1172   CVE-2011-1173   CVE-2011-1593   CVE-2011-1598   CVE-2011-1745   CVE-2011-1746   CVE-2011-1748   CVE-2011-2182   CVE-2011-2496   CVE-2011-2491   CVE-2011-2183   CVE-2011-2517   CVE-2011-2213  


Last Updated: 27 May 2016 11:12:38