CVE-2011-4132Improper Input Validation in Kernel

CWE-20Improper Input Validation22 documents8 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 75.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelSuse Linux Enterprise Server
Timeline
PublishedJan 27
Latest updateMay 14

Description

The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value."

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

Ubuntulinux/linux_kernel< 3.11.0-12.19+1

🔴Vulnerability Details

3
GHSA
GHSA-cwc2-grvm-9422: The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 22022-05-14
CVEList
CVE-2011-4132: The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 22012-01-27
OSV
CVE-2011-4132: The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 22011-11-18

📋Vendor Advisories

15
Ubuntu
Linux kernel vulnerability2012-01-23
Ubuntu
Linux kernel (Oneiric backport) vulnerabilities2012-01-23
Ubuntu
Linux kernel (OMAP4) vulnerabilities2012-01-13
Ubuntu
Linux kernel vulnerabilities2011-12-19
Ubuntu
Linux kernel vulnerabilities2011-12-19

📄Research Papers

1
arXiv
The Security War in File Systems: An Empirical Study from A Vulnerability-Centric Perspective2022-04-26

💬Community

2
Bugzilla
CVE-2011-4132 kernel: jbd/jbd2: invalid value of first log block leads to oops [fedora-all]2011-11-11
Bugzilla
CVE-2011-4132 kernel: jbd/jbd2: invalid value of first log block leads to oops2011-11-11
CVE-2011-4132 — Improper Input Validation in Kernel | cvebase