CVE-2011-2689

medium

Description

The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6905d9e4dda6112f007e9090bca80507da158e63

http://marc.info/?l=bugtraq&m=139447903326211&w=2

http://rhn.redhat.com/errata/RHSA-2011-1065.html

http://secunia.com/advisories/45193

http://securitytracker.com/id?1025776

http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc1

http://www.openwall.com/lists/oss-security/2011/07/13/1

http://www.securityfocus.com/bid/48677

https://bugzilla.redhat.com/show_bug.cgi?id=720861

https://exchange.xforce.ibmcloud.com/vulnerabilities/68557

Details

Source: MITRE

Published: 2011-07-28

Updated: 2020-07-31

Type: CWE-400

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

Tenable Plugins

ID | Name | Product | Family | Severity
89105 | VMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check) | Nessus | Misc. | high
68331 | Oracle Linux 6 : kernel (ELSA-2011-1189) | Nessus | Oracle Linux Local Security Checks | high
61118 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high
57749 | VMSA-2012-0001 : VMware ESXi and ESX updates to third-party library and ESX Service Console | Nessus | VMware ESX Local Security Checks | high
56768 | Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1) | Nessus | Ubuntu Local Security Checks | critical
56265 | CentOS 5 : kernel (CESA-2011:1065) | Nessus | CentOS Local Security Checks | high
56257 | USN-1212-1 : linux-ti-omap4 vulnerabilities | Nessus | Ubuntu Local Security Checks | high
56256 | Ubuntu 11.04 : linux vulnerabilities (USN-1211-1) | Nessus | Ubuntu Local Security Checks | high
55964 | RHEL 6 : kernel (RHSA-2011:1189) | Nessus | Red Hat Local Security Checks | high
55645 | RHEL 5 : kernel (RHSA-2011:1065) | Nessus | Red Hat Local Security Checks | high
801508 | CentOS RHSA-2011-1065 Security Check | Log Correlation Engine | Generic | high