CVE-2011-1745 — Integer Overflow or Wraparound in Kernel

CWE-190 — Integer Overflow or Wraparound16 documents6 sources

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 86.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux Redhat Enterprise Linux AUS +4 more

Timeline

PublishedMay 9

Latest updateMay 13

Description

Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages4 packages

▶NVDlinux/linux_kernel< 2.6.38.5

▶NVDredhat/enterprise_linux_server5.0

▶NVDredhat/enterprise_linux_desktop5.0

▶NVDredhat/enterprise_linux_workstation5.0

Also affects: Enterprise Linux 5.0, 5.6

Patches

Patch: openwall.com ↗Patch: openwall.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-j3g9-xp4c-pfhv: Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic↗2022-05-13

▶

CVEList

CVE-2011-1745: Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic↗2011-05-09

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-09-21

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-09-13

▶

Ubuntu

Linux kernel (Maverick backport) vulnerabilities↗2011-08-09

▶

Ubuntu

Linux kernel vulnerabilities↗2011-07-15

▶

Ubuntu

Linux kernel vulnerabilities↗2011-07-15

▶

💬Community

Bugzilla

CVE-2011-1745 CVE-2011-2022 kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls↗2011-04-22

▶