CVE-2011-1746 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel

CWE-18915 documents6 sources

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 87.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux Redhat Enterprise Linux AUS +4 more

Timeline

PublishedMay 9

Latest updateMay 13

Description

Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages4 packages

▶NVDlinux/linux_kernel< 2.6.38.5

▶NVDredhat/enterprise_linux_server5.0

▶NVDredhat/enterprise_linux_desktop5.0

▶NVDredhat/enterprise_linux_workstation5.0

Also affects: Enterprise Linux 5.0, 5.6

Patches

Patch: openwall.com ↗Patch: openwall.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-hvmr-v3mc-jxc9: Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic↗2022-05-13

▶

CVEList

CVE-2011-1746: Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic↗2011-05-09

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-09-21

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-09-13

▶

Ubuntu

Linux kernel (Maverick backport) vulnerabilities↗2011-08-09

▶

Ubuntu

Linux kernel vulnerabilities↗2011-08-03

▶

Ubuntu

Linux kernel vulnerabilities↗2011-07-15

▶

💬Community

Bugzilla

CVE-2011-1746 kernel: agp: insufficient page_count parameter checking in agp_allocate_memory()↗2011-04-22

▶