CVE-2011-1479
Published 2012-06-21
Priority: P417 · Medium · CVSS 2.0 base score 4.7
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Exploit: EPSS 0.80% (52.1st percentile)
Double free vulnerability in the inotify subsystem in the Linux kernel before 2.6.39 allows local users to cause a denial of service (system crash) via vectors involving failed attempts to create files. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-4250.
Affected (9 ranges; only the first carries version data)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | <= 2.6.38.8 | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.7 | MEDIUM | AV:L/AC:M/Au:N/C:N/I:N/A:C |
| vendor_redhat | — | 4.9 | MEDIUM | — |
| vendor_ubuntu | — | 4.9 | MEDIUM | — |
## Red Hat: CVE-2011-4110 [LOW] CWE-476
kernel: keys: NULL pointer deref in the user-defined key type
Source: vendor_redhat · 2011-11-15 · CVSS 2.1

The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."

Statement: This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1479.html, https://rhn.redhat.com/errata/RHSA-2011-1530.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://ac
## Ubuntu: CVE-2011-1020 [MEDIUM] Linux kernel (Natty backport) vulnerabilities
Source: vendor_ubuntu · 2011-11-09 · CVSS 4.6

Summary: Several security issues were fixed in the kernel.

It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020)

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078)

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system,
## Ubuntu: CVE-2011-1479 [MEDIUM] Linux kernel (Maverick backport) vulnerabilities
Source: vendor_ubuntu · 2011-10-25 · CVSS 4.9

Summary: Several security issues were fixed in the kernel.

It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479)

Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)

Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)

It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could explo
## Ubuntu: CVE-2011-1479 [MEDIUM] Linux kernel vulnerabilities
Source: vendor_ubuntu · 2011-10-25 · CVSS 4.9

Summary: Several security issues were fixed in the kernel.

It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479)

Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)

Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)

It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the
## Ubuntu: CVE-2011-0463 [LOW] Linux kernel (OMAP4) vulnerabilities
Source: vendor_ubuntu · 2011-09-21 · CVSS 2.1

Summary: Multiple kernel flaws have been fixed.

Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. (CVE-2011-0463)

Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. (CVE-2011-1017)

It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially incr
## Ubuntu: CVE-2011-1771 [LOW] Linux kernel vulnerabilities
Source: vendor_ubuntu · 2011-07-13 · CVSS 2.1

Summary: Multiple kernel flaws have been fixed.

Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. (CVE-2011-1927)

Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. (CVE-2011-0463)

Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. (CVE-2011-1017)

Vasiliy Kulikov discovered that the Bluetooth stack did
## Red Hat: CVE-2011-2494 [LOW]
kernel: taskstats io infoleak
Source: vendor_redhat · 2011-06-21 · CVSS 2.1

kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password.

Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not provide support for the Taskstats interface. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1479.html, https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html.

Package: kernel (Red Hat Enterprise Linux 4) - Not affected
## Red Hat: CVE-2011-2203 [LOW] CWE-476
kernel: hfs_find_init() sb->ext_tree NULL pointer dereference
Source: vendor_redhat · 2011-06-08 · CVSS 2.1

The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record.

Statement: This issue did not affect the versions of Linux kernel as shipped in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they did not provide support for the Hierarchical File System (HFS). This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1479.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the
## Red Hat: CVE-2011-1479 [MEDIUM]
kernel: DoS (crash) due to slab corruption in inotify_init1 (incomplete fix for CVE-2010-4250)
Source: vendor_redhat · 2011-04-05 · CVSS 4.9

Double free vulnerability in the inotify subsystem in the Linux kernel before 2.6.39 allows local users to cause a denial of service (system crash) via vectors involving failed attempts to create files. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-4250.

Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0498.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html.

Package: kernel (Red Hat Enterprise Linux 6) - Affected
Package: kernel (Red Hat Enterprise Linux Extended Update Su
## GHSA: CVE-2011-1479 [MEDIUM] GHSA-54wm-cw9m-9pfm
Double free vulnerability in the inotify subsystem in the Linux kernel before 2
Source: ghsa_unreviewed · 2022-05-17 · CVSS 4.9

Double free vulnerability in the inotify subsystem in the Linux kernel before 2.6.39 allows local users to cause a denial of service (system crash) via vectors involving failed attempts to create files. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-4250.
Detection rules: none found.
## Bugzilla: CVE-2011-4110 [LOW]
CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type
Source: bugzilla · 2011-11-04 · CVSS 2.1

A flaw was found in the way Linux kernel handled user-defined key types. An unprivileged local user could use this flaw to crash the system.

Reference: https://lkml.org/lkml/2011/11/15/363

Discussion: Created attachment 531725 (CVE-2011-4110 proposed patch)

---

Statement: This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1479.html, https://rhn.redhat.com/errata/RHSA-2011-1530.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https:
## Bugzilla: CVE-2011-1479 [MEDIUM]
CVE-2011-1479 kernel: DoS (crash) due to slab corruption in inotify_init1 (incomplete fix for CVE-2010-4250)
Source: bugzilla · 2011-03-29 · CVSS 4.9

Originally, the CVE-2010-4250 identifier has been assigned to the following vulnerability:

Memory leak in the inotify_init() system call could, in some cases, leak a group, allowing a local, unprivileged user to eventually cause a denial of service.

References:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4250

Later, it was found that the relevant upstream commit, a2ae4cc9a16e211c8a128ba10d22a85431f093ab (v2.6.37-rc5), did not properly address the issue / introduced a regression (slab corruption by double free of user_struct in inotify_init1), which could allow a local, unprivileged user to cause a denial of service (kernel crash).

Discussion:
Upstream commit: http://git.k
## arXiv: Characteristics, Root Causes, and Detection of Incomplete Security Bug Fixes in the Linux Kernel
Source: arxiv_fulltext · 2025-11-21

Qiang Liu^1 (all work was done by Aug. 2022), Wenlong Zhang^1, Muhui Jiang^2,1, Lei Wu^1, Yajin Zhou^1
^1 Zhejiang University, ^2 The Hong Kong Polytechnic University

Abstract: Security bugs in the Linux kernel emerge endlessly and have attracted much attention. However, fixing security bugs in the Linux kernel could be incomplete due to human mistakes. Specifically, an incomplete fix fails to repair all the original security defects in the software, fails to properly repair the original security defects, or introduces new ones. In this paper, we study the fixes of incomplete security bugs in the Linux kernel for the first time, and reveal their characteristics, root causes as well as de
References

- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d0de4dc584ec6aa3b26fffea320a8457827768fc
- http://www.openwall.com/lists/oss-security/2011/04/11/1
- https://bugzilla.redhat.com/show_bug.cgi?id=691793
- https://github.com/torvalds/linux/commit/d0de4dc584ec6aa3b26fffea320a8457827768fc