CVE-2011-2517 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer15 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 69.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux Redhat Enterprise Linux Desktop +2 more

Timeline

PublishedMay 24

Latest updateMay 13

Description

Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages5 packages

▶NVDlinux/linux_kernel< 2.6.39.2

▶Ubuntulinux/linux_kernel< 3.11.0-12.19

▶NVDredhat/enterprise_linux_server5.0

▶NVDredhat/enterprise_linux_desktop5.0

▶NVDredhat/enterprise_linux_workstation5.0

Also affects: Enterprise Linux 5.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-7m92-7xrw-x2p7: Multiple buffer overflows in net/wireless/nl80211↗2022-05-13

▶

OSV

CVE-2011-2517: Multiple buffer overflows in net/wireless/nl80211↗2011-10-06

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2011-12-03

▶

Ubuntu

Linux kernel vulnerabilities↗2011-11-29

▶

Ubuntu

Linux (Maverick backport) vulnerabilities↗2011-11-24

▶

Ubuntu

Linux (Natty backport) vulnerabilities↗2011-11-24

▶

Ubuntu

Linux (OMAP4) vulnerabilities↗2011-11-24

▶

💬Community

Bugzilla

CVE-2011-2517 kernel: nl80211: missing check for valid SSID size in scan operations↗2011-07-01

▶