CVE-2011-1023

2012-06-2123:55:01

[email protected]

web.nvd.nist.gov

cve-2011-1023

linux kernel

rds subsystem

denial of service

vulnerability

nvd

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel before 2.6.38 does not properly handle congestion map updates, which allows local users to cause a denial of service (BUG_ON and system crash) via vectors involving (1) a loopback (aka loop) transmit operation or (2) an InfiniBand (aka ib) transmit operation.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤2.6.37.6

linuxlinux_kernelMatch2.6.37

linuxlinux_kernelMatch2.6.37rc1

linuxlinux_kernelMatch2.6.37rc2

linuxlinux_kernelMatch2.6.37rc3

linuxlinux_kernelMatch2.6.37rc4

linuxlinux_kernelMatch2.6.37rc5

linuxlinux_kernelMatch2.6.37.1

linuxlinux_kernelMatch2.6.37.2

linuxlinux_kernelMatch2.6.37.3

linuxlinux_kernelMatch2.6.37.4

linuxlinux_kernelMatch2.6.37.5

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle2.6.37.6
linux:linux_kernellinux linux kerneleq2.6.37
linux:linux_kernellinux linux kerneleq2.6.37.1
linux:linux_kernellinux linux kerneleq2.6.37.2
linux:linux_kernellinux linux kerneleq2.6.37.3
linux:linux_kernellinux linux kerneleq2.6.37.4
linux:linux_kernellinux linux kerneleq2.6.37.5

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	2.6.37.6
linux:linux_kernel	linux linux kernel	eq	2.6.37
linux:linux_kernel	linux linux kernel	eq	2.6.37.1
linux:linux_kernel	linux linux kernel	eq	2.6.37.2
linux:linux_kernel	linux linux kernel	eq	2.6.37.3
linux:linux_kernel	linux linux kernel	eq	2.6.37.4
linux:linux_kernel	linux linux kernel	eq	2.6.37.5