Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-1495
HistoryMay 03, 2011 - 12:00 a.m.

CVE-2011-1495

2011-05-0300:00:00
ubuntu.com
ubuntu.com
21

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier
does not validate (1) length and (2) offset values before performing memory
copy operations, which might allow local users to gain privileges, cause a
denial of service (memory corruption), or obtain sensitive information from
kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command
and _ctl_diag_read_buffer functions.

Bugs

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%