Vulnerability Description
The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 2.6.37 |
| Redhat | Enterprise Linux Desktop | 5.0 |
| Redhat | Enterprise Linux Eus | 5.6 |
| Redhat | Enterprise Linux Server | 5.0 |
| Redhat | Enterprise Linux Server Aus | 5.6 |
| Redhat | Enterprise Linux Workstation | 5.0 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
- http://rhn.redhat.com/errata/RHSA-2011-0927.htmlThird Party Advisory
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37Broken Link
- http://www.securityfocus.com/bid/46488Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=667916Issue TrackingPatchThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65563Third Party AdvisoryVDB Entry
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
- http://rhn.redhat.com/errata/RHSA-2011-0927.htmlThird Party Advisory
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37Broken Link
- http://www.securityfocus.com/bid/46488Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=667916Issue TrackingPatchThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65563Third Party AdvisoryVDB Entry
FAQ
What is CVE-2011-1044?
CVE-2011-1044 is a vulnerability with a CVSS score of 2.1 (LOW). The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially s...
How severe is CVE-2011-1044?
CVE-2011-1044 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1044?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.