CVE-2011-2182

Published Jun 13, 2012

Last updated a year ago

Overview

Description: The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel before 2.6.39.1 does not properly handle memory allocation for non-initial fragments, which might allow local users to conduct buffer overflow attacks, and gain privileges or obtain sensitive information, via a crafted LDM partition table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1017.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA8EF989-5837-4B53-8242-AA7FDFEA5FD1",
            "versionEndIncluding": "2.6.39"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.39:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2493C2FB-2BA1-4DB3-BC04-E282C9CD399D"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.39:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18DBC8AF-18ED-4879-8888-23022E494D14"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.39:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75EB375B-8ADF-4EAB-A3FB-ED5D35E5E719"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.39:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D49BB231-622E-4F20-97C8-E6289933912C"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.39:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D6859AA-DA7F-4AF9-8443-05962171D6E3"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.39:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B79A89D-F048-48C5-B148-4B38A6C3953B"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.39:rc7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEBA9217-9105-4BA3-BE1E-FE387FECEF87"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References