Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2496

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2011-2496
Last Modified 28 Jun 2012 12:00:00
Published 13 Jun 2012 06:24:55
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-2496

Summary

Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.38

  • Linux Kernel 2.6.38.1

  • Linux Kernel 2.6.38.2

  • Linux Kernel 2.6.38.3

  • Linux Kernel 2.6.38.4

  • Linux Kernel 2.6.38.5

  • Linux Kernel 2.6.38.6

  • Linux Kernel 2.6.38.7

  • Linux Kernel 2.6.38.8


References

CONFIRM - https://github.com/torvalds/linux/commit/982134ba62618c2d69fbbbd166d0a11ee3b7e3d8

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=982134ba62618c2d69fbbbd166d0a11ee3b7e3d8

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=716538

MLIST - [oss-security] 20110627 Re: CVE request: kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions

CONFIRM - http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39

Related Patches

Novell SUSE 2011:4884 kernel security update for SLE 11 SP1 i586


Last Updated: 27 May 2016 10:49:38