CVE-2011-1576Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-401Missing Release of Memory after Effective Lifetime12 documents5 sources
Severity
5.7MEDIUMNVD
EPSS
0.8%
top 26.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelRedhat Enterprise Linux
Timeline
PublishedAug 31
Latest updateMay 14

Description

The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.

CVSS vector

AV:A/AC:M/C:N/I:N/A:CExploitability: 5.5 | Impact: 6.9

Affected Packages1 packages

NVDlinux/linux_kernel2.6.18

Also affects: Enterprise Linux 5, 6.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

1
GHSA
GHSA-mvmx-96hj-8h74: The Generic Receive Offload (GRO) implementation in the Linux kernel 22022-05-14

📋Vendor Advisories

9
Ubuntu
Linux kernel (Natty backport) vulnerabilities2011-11-09
Ubuntu
Linux kernel vulnerabilities2011-11-08
Ubuntu
Linux kernel (EC2) vulnerabilities2011-10-25
Ubuntu
Linux kernel (i.MX51) vulnerabilities2011-10-25
Ubuntu
Linux kernel (Marvell DOVE) vulnerabilities2011-10-25

💬Community

1
Bugzilla
CVE-2011-1576 kernel: net: Fix memory leak/corruption on VLAN GRO_DROP2011-04-11