Vulnerability Details : CVE-2011-0695
Potential exploit
Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference.
Vulnerability category: Denial of service
Products affected by CVE-2011-0695
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
Threat overview for CVE-2011-0695
Top countries where our scanners detected CVE-2011-0695
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2011-0695 2,321
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2011-0695!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2011-0695
0.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 60 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0695
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.7
|
MEDIUM | AV:A/AC:M/Au:N/C:N/I:N/A:C |
5.5
|
6.9
|
NIST |
CWE ids for CVE-2011-0695
-
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0695
-
http://www.spinics.net/lists/linux-rdma/msg07447.html
[PATCH 1/2] rdma/cm: Fix crash in request handlers — Linux RDMA and InfiniBand developmentExploit;Mailing List;Patch;Third Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/66056
Linux Kernel InfiniBand denial of service CVE-2011-0695 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://secunia.com/advisories/43693
Third Party Advisory
-
http://www.securityfocus.com/bid/46839
Linux Kernel Request Handling 'cm.c' Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://www.spinics.net/lists/linux-rdma/msg07448.html
[PATCH 2/2] ib/cm: Bump reference count on cm_id before invoking callback — Linux RDMA and InfiniBand developmentMailing List;Patch;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-1146-1
USN-1146-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2011-0927.html
RHSA-2011:0927 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2011/03/11/1
oss-security - CVE-2011-0695 kernel: panic in ib_cm:cm_work_handlerMailing List;Patch;Third Party Advisory
Jump to