CVE-2011-2525

2011-10-0600:00:00

ubuntu.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before
2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin
(aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a
denial of service (NULL pointer dereference and OOPS) or possibly have
unspecified other impact via a crafted call.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchlinux< 2.6.24-30.96UNKNOWN
ubuntu10.04noarchlinux< 2.6.32-36.79UNKNOWN
ubuntu10.10noarchlinux< 2.6.35-1.1UNKNOWN
ubuntu10.04noarchlinux-ec2< 2.6.32-340.40UNKNOWN
ubuntu10.04noarchlinux-fsl-imx51< 2.6.31-611.29UNKNOWN
ubuntu10.04noarchlinux-lts-backport-natty< 2.6.38-1.27~lucid1UNKNOWN
ubuntu10.10noarchlinux-mvl-dove< 2.6.32-420.38UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	linux	< 2.6.24-30.96	UNKNOWN
ubuntu	10.04	noarch	linux	< 2.6.32-36.79	UNKNOWN
ubuntu	10.10	noarch	linux	< 2.6.35-1.1	UNKNOWN
ubuntu	10.04	noarch	linux-ec2	< 2.6.32-340.40	UNKNOWN
ubuntu	10.04	noarch	linux-fsl-imx51	< 2.6.31-611.29	UNKNOWN
ubuntu	10.04	noarch	linux-lts-backport-natty	< 2.6.38-1.27~lucid1	UNKNOWN
ubuntu	10.10	noarch	linux-mvl-dove	< 2.6.32-420.38	UNKNOWN