CVE-2011-4077

high

Description

Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.

References

Advisories

https://bugzilla.redhat.com/show_bug.cgi?id=749156

http://www.openwall.com/lists/oss-security/2011/10/26/3

http://www.openwall.com/lists/oss-security/2011/10/26/1

http://oss.sgi.com/archives/xfs/2011-10/msg00345.html

http://marc.info/?l=bugtraq&m=139447903326211&w=2

Details

Source: Mitre, NVD

Published: 2012-01-27

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00309