CVE-2011-1745 — MEDIUM (6.9)

Q: How severe is CVE-2011-1745?

CVE-2011-1745 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-1745?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Redhat Enterprise Linux Aus, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.

Vulnerability Description

Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.

CVSS Score

6.9

MEDIUM

AV:L/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.38.5
Redhat	Enterprise Linux	5.0
Redhat	Enterprise Linux Aus	5.6
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	5.6
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Workstation	5.0

Related Weaknesses (CWE)

CWE-190

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://openwall.com/lists/oss-security/2011/04/21/4Mailing ListPatch
http://openwall.com/lists/oss-security/2011/04/22/7Mailing ListPatchThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2011-0927.htmlThird Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5Release NotesVendor Advisory
http://www.securityfocus.com/bid/47534Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=698996Issue TrackingPatchThird Party Advisory
https://lkml.org/lkml/2011/4/14/293PatchThird Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://openwall.com/lists/oss-security/2011/04/21/4Mailing ListPatch
http://openwall.com/lists/oss-security/2011/04/22/7Mailing ListPatchThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2011-0927.htmlThird Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5Release NotesVendor Advisory
http://www.securityfocus.com/bid/47534Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=698996Issue TrackingPatchThird Party Advisory

FAQ

What is CVE-2011-1745?

CVE-2011-1745 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system ...

How severe is CVE-2011-1745?

CVE-2011-1745 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1745?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Redhat Enterprise Linux Aus, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.