CVE-2011-0695 — MEDIUM (5.7)

Q: How severe is CVE-2011-0695?

CVE-2011-0695 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-0695?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.

Vulnerability Description

Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference.

CVSS Score

5.7

MEDIUM

AV:A/AC:M/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 2.6.0, <= 2.6.39.4
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	5.6
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server Aus	5.6
Redhat	Enterprise Linux Workstation	5.0
Canonical	Ubuntu Linux	8.04

Related Weaknesses (CWE)

CWE-362

References

http://rhn.redhat.com/errata/RHSA-2011-0927.htmlThird Party Advisory
http://secunia.com/advisories/43693Third Party Advisory
http://www.openwall.com/lists/oss-security/2011/03/11/1Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/46839Third Party AdvisoryVDB Entry
http://www.spinics.net/lists/linux-rdma/msg07447.htmlExploitMailing ListPatch
http://www.spinics.net/lists/linux-rdma/msg07448.htmlMailing ListPatchThird Party Advisory
http://www.ubuntu.com/usn/USN-1146-1Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/66056Third Party AdvisoryVDB Entry
http://rhn.redhat.com/errata/RHSA-2011-0927.htmlThird Party Advisory
http://secunia.com/advisories/43693Third Party Advisory
http://www.openwall.com/lists/oss-security/2011/03/11/1Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/46839Third Party AdvisoryVDB Entry
http://www.spinics.net/lists/linux-rdma/msg07447.htmlExploitMailing ListPatch
http://www.spinics.net/lists/linux-rdma/msg07448.htmlMailing ListPatchThird Party Advisory
http://www.ubuntu.com/usn/USN-1146-1Third Party Advisory

FAQ

What is CVE-2011-0695?

CVE-2011-0695 is a vulnerability with a CVSS score of 5.7 (MEDIUM). Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an...

How severe is CVE-2011-0695?

CVE-2011-0695 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-0695?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.