CVE-2011-1593 — MEDIUM (4.9)

Q: How severe is CVE-2011-1593?

CVE-2011-1593 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-1593?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Redhat Enterprise Linux Aus, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.

Vulnerability Description

Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.

CVSS Score

4.9

MEDIUM

AV:L/AC:L/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.38.4
Redhat	Enterprise Linux	5.0
Redhat	Enterprise Linux Aus	5.6
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	5.6
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Workstation	5.0
Canonical	Ubuntu Linux	8.04

Related Weaknesses (CWE)

CWE-190

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://groups.google.com/group/fa.linux.kernel/msg/4a28ecb7f755a88d?dmode=sourceExploitThird Party Advisory
http://openwall.com/lists/oss-security/2011/04/19/1Mailing ListPatchThird Party Advisory
http://openwall.com/lists/oss-security/2011/04/20/1Mailing ListPatchThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2011-0927.htmlThird Party Advisory
http://secunia.com/advisories/44164Third Party AdvisoryVendor Advisory
http://securitytracker.com/id?1025420Third Party AdvisoryVDB Entry
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.4Release NotesVendor Advisory
http://www.securityfocus.com/bid/47497Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-1146-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=697822Issue TrackingPatchThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/66876Third Party AdvisoryVDB Entry
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=

FAQ

What is CVE-2011-1593?

CVE-2011-1593 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (...

How severe is CVE-2011-1593?

CVE-2011-1593 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1593?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Redhat Enterprise Linux Aus, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.