CVE-2011-2213
Published Aug 29, 2011
Last updated 2 years ago
Overview
- Description
- The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.9
- Impact score
- 6.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-835
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D83B3E02-C11C-4F8E-8CAC-F2270BC8190C",
"versionEndExcluding": "2.6.39.3"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:5.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9D9A0B9-D6B1-42C3-9571-72B7B2D72776"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "903512FC-0017-4564-9B89-7E64FFB14B11"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E"
}
],
"operator": "OR"
}
]
}
]