CVE-2011-1593 — Integer Overflow or Wraparound in Kernel

CWE-190 — Integer Overflow or Wraparound15 documents6 sources

Severity

4.9MEDIUMNVD

EPSS

0.0%

top 87.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Canonical Ubuntu Linux Redhat Enterprise Linux +5 more

Timeline

PublishedMay 3

Latest updateMay 13

Description

Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages4 packages

▶NVDlinux/linux_kernel< 2.6.38.4

▶NVDredhat/enterprise_linux_server5.0

▶NVDredhat/enterprise_linux_desktop5.0

▶NVDredhat/enterprise_linux_workstation5.0

Also affects: Ubuntu Linux 8.04, Enterprise Linux 5.0, 5.6

Patches

Patch: openwall.com ↗Patch: openwall.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-gv92-fjvm-3gh7: Multiple integer overflows in the next_pidmap function in kernel/pid↗2022-05-13

▶

CVEList

CVE-2011-1593: Multiple integer overflows in the next_pidmap function in kernel/pid↗2011-05-03

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-09-21

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-09-13

▶

Ubuntu

Linux kernel (Maverick backport) vulnerabilities↗2011-08-09

▶

Ubuntu

Linux kernel vulnerabilities↗2011-07-15

▶

Ubuntu

Linux kernel vulnerabilities (Marvell Dove)↗2011-07-13

▶

💬Community

Bugzilla

CVE-2011-1593 kernel: proc: signedness issue in next_pidmap()↗2011-04-19

▶