CVE-2011-1163 — LOW (2.1) — White Hats Nepal

Q: How severe is CVE-2011-1163?

CVE-2011-1163 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-1163?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Suse Linux Enterprise Server, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server.

Vulnerability Description

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.38
Suse	Linux Enterprise Server	10
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	5.6
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server Aus	5.6
Redhat	Enterprise Linux Workstation	5.0

Related Weaknesses (CWE)

CWE-20

References

http://downloads.avaya.com/css/P8/documents/100145416Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.htmlMailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2011/03/15/14Mailing ListPatchThird Party Advisory
http://openwall.com/lists/oss-security/2011/03/15/9Mailing ListPatchThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2011-0833.htmlThird Party Advisory
http://securityreason.com/securityalert/8189Third Party Advisory
http://securitytracker.com/id?1025225Third Party AdvisoryVDB Entry
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38Broken Link
http://www.pre-cert.de/advisories/PRE-SA-2011-02.txtThird Party Advisory
http://www.securityfocus.com/archive/1/517050Third Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/46878Third Party AdvisoryVDB Entry
http://www.spinics.net/lists/mm-commits/msg82737.htmlMailing ListPatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=688021Issue TrackingPatchThird Party Advisory
http://downloads.avaya.com/css/P8/documents/100145416Third Party Advisory

FAQ

What is CVE-2011-1163?

CVE-2011-1163 is a vulnerability with a CVSS score of 2.1 (LOW). The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensit...

How severe is CVE-2011-1163?

CVE-2011-1163 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1163?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Suse Linux Enterprise Server, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server.