CVE-2011-2213 — MEDIUM (4.9)

Q: How severe is CVE-2011-2213?

CVE-2011-2213 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-2213?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux Aus, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server.

Vulnerability Description

The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.

CVSS Score

4.9

MEDIUM

AV:L/AC:L/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.39.3
Redhat	Enterprise Linux Aus	5.6
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	5.6
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Workstation	5.0

Related Weaknesses (CWE)

CWE-835

References

http://article.gmane.org/gmane.linux.network/197206Broken Link
http://article.gmane.org/gmane.linux.network/197208Broken Link
http://article.gmane.org/gmane.linux.network/197386Broken Link
http://article.gmane.org/gmane.linux.network/198809Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://marc.info/?l=bugtraq&m=139447903326211&w=2Third Party Advisory
http://patchwork.ozlabs.org/patch/100857/PatchThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2011-0927.htmlThird Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3Broken Link
http://www.openwall.com/lists/oss-security/2011/06/20/1Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2011/06/20/13Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2011/06/20/16Mailing ListThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=714536Issue TrackingThird Party Advisory
http://article.gmane.org/gmane.linux.network/197206Broken Link
http://article.gmane.org/gmane.linux.network/197208Broken Link

FAQ

What is CVE-2011-2213?

CVE-2011-2213 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel in...

How severe is CVE-2011-2213?

CVE-2011-2213 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-2213?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux Aus, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server.