CVE-2011-1163 — Improper Input Validation in Kernel

CWE-20 — Improper Input Validation13 documents6 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 70.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

7

Linux Kernel Redhat Enterprise Linux Desktop Redhat Enterprise Linux EUS +4 more

Timeline

PublishedApr 10

Latest updateMay 13

Description

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages5 packages

▶NVDlinux/linux_kernel< 2.6.38

▶NVDsuse/linux_enterprise_server10

▶NVDredhat/enterprise_linux_server5.0, 6.0+1

▶NVDredhat/enterprise_linux_desktop5.0, 6.0+1

▶NVDredhat/enterprise_linux_workstation5.0, 6.0+1

Also affects: Enterprise Linux 5.6

Patches

Patch: openwall.com ↗Patch: openwall.com ↗Patch: www.spinics.net ↗

🔴Vulnerability Details

2

GHSA

GHSA-gmr9-4rwq-564r: The osf_partition function in fs/partitions/osf↗2022-05-13

▶

CVEList

CVE-2011-1163: The osf_partition function in fs/partitions/osf↗2011-04-10

▶

📋Vendor Advisories

9

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-09-13

▶

Ubuntu

Linux kernel (i.MX51) vulnerabilities↗2011-09-13

▶

Ubuntu

Linux kernel (Maverick backport) vulnerabilities↗2011-08-09

▶

Ubuntu

Linux kernel vulnerabilities↗2011-08-03

▶

Ubuntu

Linux kernel vulnerabilities↗2011-07-15

▶

💬Community

1

Bugzilla

CVE-2011-1163 kernel: fs/partitions: Corrupted OSF partition table infoleak↗2011-03-16

▶

CVE-2011-1163 — Improper Input Validation in Kernel | cvebase