Lucene search

[email protected]CVE-2011-0463

HistoryApr 10, 2011 - 2:51 a.m.

CVE-2011-0463

2011-04-1002:51:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2011-0463

oracle

cluster

file system

ocfs2

linux kernel

vulnerability

7.3 High

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle2.6.38.2
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	2.6.38.2
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=272b62c1f0f6f742046e45b50b6fec98860208a0

oss.oracle.com/pipermail/ocfs2-devel/2011-February/007846.html

secunia.com/advisories/43966

www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc1

www.ubuntu.com/usn/USN-1146-1

bugzilla.novell.com/show_bug.cgi?id=673037

7.3 High

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2011-0463

prion1 ubuntucve1 nessus10 openvas20 ubuntu10 securityvulns1 packetstorm1