Lucene search

[email protected]CVE-2011-2184

HistorySep 06, 2011 - 4:55 p.m.

CVE-2011-2184

2011-09-0616:55:00

CWE-476

[email protected]

web.nvd.nist.gov

linux

kernel

cve-2011-2184

local

denial of service

nvd

security issue

7.6 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different vulnerability than CVE-2010-2960.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt2.6.39.1

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	2.6.39.1

References

alt.swiecki.net/linux_kernel/sys_open-kmem_cache_alloc-2.6.39-rc4.txt

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f7285b5d631fd6096b11c6af0058ed3a2b30ef4e

securityreason.com/securityalert/8371

www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.1

www.openwall.com/lists/oss-security/2011/06/03/2

www.openwall.com/lists/oss-security/2011/06/06/2

lkml.org/lkml/2011/5/23/199

lkml.org/lkml/2011/5/24/502

lkml.org/lkml/2011/5/25/265

Social References

7.6 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2011-2184

ubuntucve2 prion2 redhatcve1 cve1 seebug1 nessus11 openvas29 fedora9 suse4 ubuntu4