Vulnerability Details : CVE-2011-1745
Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2011-1745
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_aus:5.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1745
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 6 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1745
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C | 3.4 | 10.0 | NIST | |
CWE ids for CVE-2011-1745
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1745
- http://openwall.com/lists/oss-security/2011/04/22/7
  oss-security - Re: CVE request: kernel: buffer overflow and DoS issues in agp (Mailing List; Patch; Third Party Advisory)
- http://www.securityfocus.com/bid/47534
  Linux Kernel 'agp_ioctl()' Local Privilege Escalation Vulnerability (Third Party Advisory; VDB Entry)
- http://openwall.com/lists/oss-security/2011/04/21/4
  oss-security - CVE request: kernel: buffer overflow and DoS issues in agp (Mailing List; Patch)
- https://lkml.org/lkml/2011/4/14/293
  LKML: Vasiliy Kulikov: [PATCH] char: agp: fix arbitrary kernel memory writes (Patch; Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2011-0927.html
  RHSA-2011:0927 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=698996
  698996 – (CVE-2011-1745, CVE-2011-2022) CVE-2011-1745 CVE-2011-2022 kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls (Issue Tracking; Patch; Third Party Advisory)
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5
  (Release Notes; Vendor Advisory)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=194b3da873fd334ef183806db751473512af29ce