CVE-2011-1163

2011-04-1002:51:19

CWE-20

redhat

web.nvd.nist.gov

cve-2011-1163

linux kernel

osf_partition

information disclosure

security vulnerability

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

Percentile

10.1%

JSON

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

Affected configurations

Nvd

Node

linuxlinux_kernelRange<2.6.38

Node

suselinux_enterprise_serverMatch10sp4ltss

Node

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch5.6

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch5.6

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
suselinux_enterprise_server10cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
redhatenterprise_linux_desktop5.0cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop6.0cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_eus5.6cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*
redhatenterprise_linux_server5.0cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
redhatenterprise_linux_server6.0cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_server_aus5.6cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:*
redhatenterprise_linux_workstation5.0cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
redhatenterprise_linux_workstation6.0cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
suse	linux_enterprise_server	10	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::ltss:::*
redhat	enterprise_linux_desktop	5.0	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
redhat	enterprise_linux_desktop	6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
redhat	enterprise_linux_eus	5.6	cpe:2.3:o:redhat:enterprise_linux_eus:5.6:::::::*
redhat	enterprise_linux_server	5.0	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
redhat	enterprise_linux_server	6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
redhat	enterprise_linux_server_aus	5.6	cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:::::::*
redhat	enterprise_linux_workstation	5.0	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
redhat	enterprise_linux_workstation	6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*