CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence: High
EPSS
Percentile: 10.1%
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.
Vendor | Product | Version | CPE |
---|---|---|---|
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
suse | linux_enterprise_server | 10 | cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:* |
redhat | enterprise_linux_desktop | 5.0 | cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* |
redhat | enterprise_linux_desktop | 6.0 | cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* |
redhat | enterprise_linux_eus | 5.6 | cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:* |
redhat | enterprise_linux_server | 5.0 | cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* |
redhat | enterprise_linux_server | 6.0 | cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* |
redhat | enterprise_linux_server_aus | 5.6 | cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:* |
redhat | enterprise_linux_workstation | 5.0 | cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* |
redhat | enterprise_linux_workstation | 6.0 | cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* |
downloads.avaya.com/css/P8/documents/100145416
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05
lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
openwall.com/lists/oss-security/2011/03/15/14
openwall.com/lists/oss-security/2011/03/15/9
rhn.redhat.com/errata/RHSA-2011-0833.html
securityreason.com/securityalert/8189
securitytracker.com/id?1025225
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
www.pre-cert.de/advisories/PRE-SA-2011-02.txt
www.securityfocus.com/archive/1/517050
www.securityfocus.com/bid/46878
www.spinics.net/lists/mm-commits/msg82737.html
bugzilla.redhat.com/show_bug.cgi?id=688021