CVE-2011-2491 — Uncontrolled Resource Consumption in Kernel

CWE-400 — Uncontrolled Resource Consumption16 documents6 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 79.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server +1 more

Timeline

PublishedMar 1

Latest updateMay 13

Description

The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages5 packages

▶NVDlinux/linux_kernel< 3.0

▶Ubuntulinux/linux_kernel< 3.11.0-12.19

▶NVDredhat/enterprise_linux_server5.0

▶NVDredhat/enterprise_linux_desktop5.0

▶NVDredhat/enterprise_linux_workstation5.0

Patches

Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-23hf-jhww-867g: The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3↗2022-05-13

▶

OSV

CVE-2011-2491: The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3↗2011-10-06

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2011-12-03

▶

Ubuntu

Linux kernel vulnerabilities↗2011-11-29

▶

Ubuntu

Linux (Maverick backport) vulnerabilities↗2011-11-24

▶

Ubuntu

Linux (Natty backport) vulnerabilities↗2011-11-24

▶

Ubuntu

Linux (OMAP4) vulnerabilities↗2011-11-24

▶

💬Community

Bugzilla

CVE-2011-2491 kernel: rpc task leak after flock()ing NFS share↗2011-05-31

▶