Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2210

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2011-2210
Last Modified 13 Jun 2012 12:00:00
Published 13 Jun 2012 06:24:54
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-2210

Summary

The osf_getsysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform does not properly restrict the data size for GSI_GET_HWRPB operations, which allows local users to obtain sensitive information from kernel memory via a crafted call.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.39

  • Linux Kernel 2.6.39.1

  • Linux Kernel 2.6.39.2

  • Linux Kernel 2.6.39.3


References

CONFIRM - https://github.com/torvalds/linux/commit/21c5977a836e399fc710ff2c5367845ed5c2527f

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21c5977a836e399fc710ff2c5367845ed5c2527f

MLIST - [oss-security] 20110615 Re: CVE request: kernel: alpha: fix several security issues

CONFIRM - http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.4


Last Updated: 27 May 2016 10:49:38