CVE-2011-1495

Name of the Vulnerable Software and Affected Versions Linux kernel version 2.6.38 and earlier kernel-kdumppae (affected versions not specified)

Description The issue is related to a lack of validation of length and offset values before performing memory copy operations in the Linux kernel. This could allow local users to gain privileges, cause a denial of service, or obtain sensitive information from kernel memory via a crafted ioctl call. The functions ctl do mpt command and ctl diag read buffer are involved. Additionally, there are multiple vulnerabilities in the kernel-kdumppae package of SUSE Linux Enterprise that can be exploited remotely to disrupt the availability of protected information.

Recommendations For Linux kernel version 2.6.38 and earlier: consider upgrading to a newer version to address the issue. For kernel-kdumppae: At the moment, there is no information about a newer version that contains a fix for this vulnerability.