CVE-2011-2213

CWE-83518 documents7 sources
Severity
4.9MEDIUM
EPSS
0.1%
top 80.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux Linux KernelRedhat Enterprise Linux AUSRedhat Enterprise Linux Desktop+3 more
Timeline
PublishedAug 29
Latest updateMay 13

Description

The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages11 packages

NVDlinux/linux_kernel< 2.6.39.3
Ubuntulinux< 3.11.0-12.19
Ubuntulinux-flo< 3.4.0-1.3
Ubuntulinux-mako< 3.4.0-3.21
Ubuntulinux-manta< 3.4.0-4.19

Also affects: Enterprise Linux 5.6

Patches

Patch: patchwork.ozlabs.orgPatch: patchwork.ozlabs.org

🔴Vulnerability Details

3
GHSA
GHSA-wv38-chxj-v2gp: The inet_diag_bc_audit function in net/ipv4/inet_diag2022-05-13
OSV
CVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag2011-08-29
CVEList
CVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag2011-08-29

📋Vendor Advisories

13
Ubuntu
Linux kernel (Natty backport) vulnerabilities2011-11-09
Ubuntu
Linux kernel vulnerabilities2011-10-25
Ubuntu
Linux kernel (i.MX51) vulnerabilities2011-10-25
Ubuntu
Linux kernel (OMAP4) vulnerabilities2011-10-12
Ubuntu
Linux kernel vulnerabilities2011-10-11

💬Community

1
Bugzilla
CVE-2011-2213 kernel: inet_diag: insufficient validation2011-06-20
CVE-2011-2213 (MEDIUM CVSS 4.9) | The inet_diag_bc_audit function in | cvebase.io