CVE-2011-2498: Missing Release of Resource after Effective Lifetime in Kernel

Severity
5.5 MEDIUM (NVD)
EPSS
0.2%
top 63.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 20
Latest update: Apr 22

Description

The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

NVD | linux/linux_kernel | 2.3.36 | 2.6.39
CVEListV5 | linux/linux_kernel | v2.3.36 before v2.6.39

Also affects: Ubuntu Linux 11.04, 12.04

🔴 Vulnerability Details (1)

GHSA: GHSA-x9xq-9225-2896: The Linux kernel from v2 (2022-04-22)

📋 Vendor Advisories (4)

Ubuntu: Linux kernel (OMAP4) vulnerabilities (2012-03-06)
Ubuntu: Linux kernel (Natty backport) vulnerabilities (2012-03-06)
Ubuntu: Linux kernel vulnerabilities (2011-07-13)
Red Hat: CVE-2011-2498: The Linux kernel from v2

💬 Community (1)

Bugzilla: CVE kernel non-issue statements (2010-05-13)
CVE-2011-2498 — Linux Kernel vulnerability | cvebase