Vulnerability Details : CVE-2011-1017
Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table.
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2011-1017
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1017
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1017
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2011-1017
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1017
-
http://securityreason.com/securityalert/8115
Linux Kernel Buffer Overflow ldm_frag_add() Elevated Privileges - CXSecurity.comThird Party Advisory
-
http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt
Patch;Third Party Advisory
-
http://securitytracker.com/id?1025128
Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/archive/1/516615/100/0/threaded
SecurityFocusNot Applicable
-
http://openwall.com/lists/oss-security/2011/02/24/14
oss-security - Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tablesExploit;Mailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-1146-1
USN-1146-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://openwall.com/lists/oss-security/2011/02/24/4
oss-security - Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tablesExploit;Mailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/46512
Linux Kernel 'fs/partitions/ldm.c' Buffer Overflow and Denial of Service VulnerabilitiesThird Party Advisory;VDB Entry
-
http://openwall.com/lists/oss-security/2011/02/23/16
oss-security - CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tablesMailing List;Third Party Advisory
Jump to