PT-2011-1064 · Suse+2 · Ext4Dev-Kmp-Trace+3

Clément Lecigne · Published 2011-08-31 · Updated 2024-06-15 · CVE-2011-2203

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions
Linux kernel version 2.6
ext4dev-kmp-trace (affected versions not specified)

Description
The issue is a denial of service in the Linux kernel: the hfs_find_init function, when an HFS file system with a malformed MDB extent record is mounted, triggers a NULL pointer dereference and an Oops. Additionally, there are multiple vulnerabilities in the ext4dev-kmp-trace package of SUSE Linux Enterprise that can be exploited remotely, potentially disrupting the availability of protected information.

Recommendations
For Linux kernel version 2.6, consider disabling the hfs_find_init function as a temporary workaround until a patch is available. For ext4dev-kmp-trace, restrict access to the package to minimize the risk of exploitation until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2015-04359
CVE-2011-2203
OPENSUSE-SU-2024:10128-1
RHSA-2011:1479
RHSA-2011_1479
USN-1318-1
USN-1319-1
USN-1322-1
USN-1323-1
USN-1324-1
USN-1325-1
USN-1328-1
USN-1330-1
USN-1332-1
USN-1336-1
USN-1337-1
USN-1340-1
USN-1341-1
USN-1344-1
USN-1345-1

Affected Products

Linux Kernel
Red Hat
Suse
Ext4Dev-Kmp-Trace