Vulnerability Details : CVE-2011-4097
Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-4097
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-4097
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2011-4097
-
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4097
-
https://bugzilla.redhat.com/show_bug.cgi?id=750399
750399 – (CVE-2011-4097) CVE-2011-4097 kernel: oom_badness() integer overflowExploit;Issue Tracking;Patch;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2011/11/01/2
oss-security - Re: CVE request: kernel: oom: fix integer overflow of points in oom_badnessExploit;Mailing List;Third Party Advisory
-
https://github.com/torvalds/linux/commit/56c6a8a4aadca809e04276eabe5552935c51387f
oom: fix integer overflow of points in oom_badness · torvalds/linux@56c6a8a · GitHubExploit;Patch;Third Party Advisory
-
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8
Patch;Vendor Advisory
Products affected by CVE-2011-4097
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x64:*