CVE-2011-2479 : The Linux kernel before 2.6.39 does not properly create transparent huge pages i

The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application.

Published 2013-03-01 12:37:54

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2011-2479

Linux » Linux Kernel
Versions before (<) 2.6.39
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2011-2479

Top countries where our scanners detected CVE-2011-2479

Top open port discovered on systems with this issue 49152

IPs affected by CVE-2011-2479 1,556

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2011-2479!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2011-2479

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 16 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-2479

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2011-2479

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-2479

http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39

404 Not Found
Third Party Advisory

CVEs referencing this url
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=78f11a255749d09025f54d4e2df4fbcb031530e2
http://www.openwall.com/lists/oss-security/2011/06/20/14

oss-security - Re: CVE request: kernel: thp: madvise on top of /dev/zero private mapping can lead to panic
Mailing List;Third Party Advisory
https://github.com/torvalds/linux/commit/78f11a255749d09025f54d4e2df4fbcb031530e2

mm: thp: fix /dev/zero MAP_PRIVATE and vm_flags cleanups · torvalds/linux@78f11a2 · GitHub
Exploit;Patch;Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=714761

714761 – (CVE-2011-2479) CVE-2011-2479 kernel: thp: madvise on top of /dev/zero private mapping can lead to panic
Issue Tracking;Third Party Advisory