CVE-2011-1163

low

Description

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

References

http://downloads.avaya.com/css/P8/documents/100145416

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

http://openwall.com/lists/oss-security/2011/03/15/14

http://openwall.com/lists/oss-security/2011/03/15/9

http://rhn.redhat.com/errata/RHSA-2011-0833.html

https://bugzilla.redhat.com/show_bug.cgi?id=688021

http://securityreason.com/securityalert/8189

http://securitytracker.com/id?1025225

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38

Details

Source: Mitre, NVD

Published: 2011-04-10

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low