CVE-2011-1593

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.38.4

Description The issue is related to multiple integer overflows in the next pidmap function in kernel/pid.c, which can cause a denial of service (system crash) via crafted system calls, specifically (1) getdents or (2) readdir. Additionally, there are multiple vulnerabilities in the kernel-kdumppae package of SUSE Linux Enterprise that can lead to disruption of protected information availability, and these can be exploited remotely.

Recommendations For Linux kernel versions prior to 2.6.38.4, update to version 2.6.38.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the next pidmap function in kernel/pid.c to minimize the risk of exploitation. Avoid using the getdents and readdir system calls in the affected kernel versions until the issue is resolved.