CVE-2011-1044 — Missing Initialization of Resource in Kernel

CWE-909 — Missing Initialization of Resource13 documents6 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 81.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux Desktop Redhat Enterprise Linux EUS +3 more

Timeline

PublishedFeb 18

Latest updateMay 13

Description

The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages4 packages

▶NVDlinux/linux_kernel< 2.6.37

▶NVDredhat/enterprise_linux_server5.0

▶NVDredhat/enterprise_linux_desktop5.0

▶NVDredhat/enterprise_linux_workstation5.0

Also affects: Enterprise Linux 5.6

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-r7qr-vhfp-52c9: The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

HP Device Access Manager for HP ProtectTools 5.0/6.0 - Heap Memory Corruption↗2011-12-02

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-09-13

▶

Ubuntu

Linux kernel (i.MX51) vulnerabilities↗2011-09-13

▶

Ubuntu

Linux kernel (Maverick backport) vulnerabilities↗2011-08-09

▶

Ubuntu

Linux kernel vulnerabilities↗2011-08-09

▶

Ubuntu

Linux Kernel vulnerabilities (Marvell Dove)↗2011-03-25

▶

💬Community

Bugzilla

CVE-2010-4649 CVE-2011-1044 kernel: IB/uverbs: Handle large number of entries in poll CQ↗2011-01-07

▶