CVE-2011-2182

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.39.1

Description The issue is related to the ldm frag add function in fs/partitions/ldm.c, which does not properly handle memory allocation for non-initial fragments. This might allow local users to conduct buffer overflow attacks and gain privileges or obtain sensitive information via a crafted LDM partition table. The vulnerability exists because of an incomplete fix for a previous issue. Multiple vulnerabilities in the kernel-kdumppae package of the SUSE Linux Enterprise operating system can be exploited remotely, leading to a disruption of protected information availability.

Recommendations For Linux kernel versions prior to 2.6.39.1, update to version 2.6.39.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ldm frag add function in fs/partitions/ldm.c to minimize the risk of exploitation. Avoid using crafted LDM partition tables until the issue is resolved.