CVE-2011-0711 — LOW (2.1) — White Hats Nepal

Q: How severe is CVE-2011-0711?

CVE-2011-0711 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-0711?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus.

Vulnerability Description

The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.38
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server Aus	5.6
Redhat	Enterprise Linux Server Eus	5.6
Redhat	Enterprise Linux Workstation	5.0

Related Weaknesses (CWE)

CWE-200

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://openwall.com/lists/oss-security/2011/02/16/10Mailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2011/02/16/4Mailing ListThird Party Advisory
http://osvdb.org/70950Broken Link
http://rhn.redhat.com/errata/RHSA-2011-0927.htmlThird Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git3.logBroken Link
http://www.securityfocus.com/bid/46417Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=677260Issue TrackingPatchThird Party Advisory
https://patchwork.kernel.org/patch/555461/PatchVendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://openwall.com/lists/oss-security/2011/02/16/10Mailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2011/02/16/4Mailing ListThird Party Advisory
http://osvdb.org/70950Broken Link
http://rhn.redhat.com/errata/RHSA-2011-0927.htmlThird Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git3.logBroken Link

FAQ

What is CVE-2011-0711?

CVE-2011-0711 is a vulnerability with a CVSS score of 2.1 (LOW). The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive i...

How severe is CVE-2011-0711?

CVE-2011-0711 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-0711?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus.