CVE-2011-4131 : The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.

Published 2012-05-17 11:00:33

Updated 2023-02-13 04:32:45

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2011-4131

Probability of exploitation activity in the next 30 days: 0.25%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 62 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-4131

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:A/AC:H/Au:N/C:N/I:N/A:C	3.2	6.9	NIST
Access Vector: Adjacent Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2011-4131

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-4131

https://bugzilla.redhat.com/show_bug.cgi?id=747106

747106 – (CVE-2011-4131) CVE-2011-4131 kernel: nfs4_getfacl decoding kernel oops
http://rhn.redhat.com/errata/RHSA-2012-0862.html

RHSA-2012:0862 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html

[security-announce] SUSE-SU-2012:0554-1: important: Security update for

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081280.html

[SECURITY] Fedora 16 Update: kernel-3.3.7-1.fc16
http://rhn.redhat.com/errata/RHSA-2012-1541.html

RHSA-2012:1541 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bf118a342f10dafe44b14451a1392c3254629a1f
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2

CVEs referencing this url
https://github.com/torvalds/linux/commit/bf118a342f10dafe44b14451a1392c3254629a1f

NFSv4: include bitmap in nfsv4 get acl data · torvalds/linux@bf118a3 · GitHub
http://www.openwall.com/lists/oss-security/2011/11/12/1

oss-security - Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html

[security-announce] openSUSE-SU-2013:0925-1: important: kernel: security

CVEs referencing this url

Products affected by CVE-2011-4131

Linux » Linux Kernel » Version: 3.2 Update RC6
cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 3.2 Update RC3
cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 3.2.1
cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 3.2 Update RC2
cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 3.2 Update RC5
cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 3.2 Update RC4
cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 3.2
cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 3.2 Update RC7
cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-4131

Exploit prediction scoring system (EPSS) score for CVE-2011-4131

CVSS scores for CVE-2011-4131

CWE ids for CVE-2011-4131

References for CVE-2011-4131

Products affected by CVE-2011-4131