CVE-2011-3191 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer17 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 44.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux Vmware Esxi +2 more

Timeline

PublishedMay 24

Latest updateMay 13

Description

Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel< 3.0.5

▶vmwarevmware/vmware_esxi

▶vmwarevmware/vmware_tools

▶vmwarevmware/vmware_workstation

Also affects: Enterprise Linux 4.0

Patches

Patch: www.kernel.org ↗Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-xhj3-gjcc-48pc: Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb↗2022-05-13

▶

📋Vendor Advisories

VMware

VMware ESXi and ESX address several security issues↗2012-03-29

▶

Ubuntu

Linux kernel (Natty backport) vulnerabilities↗2011-11-09

▶

Ubuntu

Linux kernel vulnerabilities↗2011-11-08

▶

Ubuntu

Linux kernel vulnerabilities↗2011-10-25

▶

Ubuntu

Linux kernel (EC2) vulnerabilities↗2011-10-25

▶

💬Community

Bugzilla

CVE-2011-3191 kernel: cifs: signedness issue in CIFSFindNext() [fedora-all]↗2011-10-25

▶

Bugzilla

CVE-2011-3191 kernel: cifs: signedness issue in CIFSFindNext()↗2011-08-24

▶