CVE-2011-2689 — Uncontrolled Resource Consumption in Kernel

CWE-400 — Uncontrolled Resource Consumption9 documents6 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 73.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server +1 more

Timeline

PublishedJul 28

Latest updateMay 13

Description

The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages5 packages

▶NVDlinux/linux_kernel< 3.0+1

▶Ubuntulinux/linux_kernel< 3.11.0-12.19

▶NVDredhat/enterprise_linux_server5.0

▶NVDredhat/enterprise_linux_desktop5.0

▶NVDredhat/enterprise_linux_workstation5.0

Patches

Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-gfx4-r3v9-vph4: The gfs2_fallocate function in fs/gfs2/file↗2022-05-13

▶

OSV

CVE-2011-2689: The gfs2_fallocate function in fs/gfs2/file↗2011-07-28

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Natty backport) vulnerabilities↗2011-11-09

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-09-21

▶

Ubuntu

Linux kernel vulnerabilities↗2011-09-21

▶

Red Hat

kernel: gfs2: make sure fallocate bytes is a multiple of blksize↗2011-04-26

▶

💬Community

Bugzilla

CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize [fedora-all]↗2011-10-25

▶

Bugzilla

CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize↗2011-07-13

▶