PT-2010-5668 · Linux+1 · Linux Kernel+4

Segoon +1 · Published 1970-01-01 · Updated 2023-02-13 · CVE-2011-2909

CVSS v2.0: 5.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions

SUSE Linux Enterprise versions prior to the fixed version
btrfs-kmp-xen versions (affected versions not specified)
btrfs-kmp-pae versions (affected versions not specified)
kernel-desktop-devel versions (affected versions not specified)

Description

The issue affects the SUSE Linux Enterprise operating system, specifically the btrfs-kmp-xen, btrfs-kmp-pae, and kernel-desktop-devel packages. Exploitation of the vulnerabilities can lead to a breach of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited locally. The do_devinfo_ioctl function in the Linux kernel is also affected, allowing local users to obtain sensitive information from kernel memory.

Recommendations

For btrfs-kmp-xen, consider disabling the vulnerable package until a patch is available. For btrfs-kmp-pae, restrict access to the vulnerable package to minimize the risk of exploitation. For kernel-desktop-devel, avoid using the vulnerable package until the issue is resolved. As a temporary workaround, consider disabling the do_devinfo_ioctl function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related identifiers

BDU:2015-04341
BDU:2015-04342
BDU:2015-04343
CVE-2011-2909
DSA-2303-1

Affected products

Linux Kernel
Suse Linux Enterprise
Btrfs-Kmp-Pae
Btrfs-Kmp-Xen
Kernel-Desktop-Devel