Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 2.1
CVE Id: CVE-2011-2493
Last Modified: 14 Jun 2012 12:00:00
Published: 13 Jun 2012 06:24:54
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2011-2493

Summary

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel before 2.6.39 does not properly initialize a certain error-report data structure, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.38

  • Linux Kernel 2.6.38.1

  • Linux Kernel 2.6.38.2

  • Linux Kernel 2.6.38.3

  • Linux Kernel 2.6.38.4

  • Linux Kernel 2.6.38.5

  • Linux Kernel 2.6.38.6

  • Linux Kernel 2.6.38.7

  • Linux Kernel 2.6.38.8


References

CONFIRM - https://github.com/torvalds/linux/commit/0449641130f5652b344ef6fa39fa019d7e94660a

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0449641130f5652b344ef6fa39fa019d7e94660a

MLIST - [oss-security] 20110624 Re: CVE request: kernel: ext4: init timer earlier to avoid a kernel panic in __save_error_info

CONFIRM - http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39


Last Updated: 27 May 2016 10:49:38