Home > Vulnerability Database > CVE-2011-1163

Mend.io Vulnerability Database

CVE-2011-1163

Good to know:

Date: April 9, 2011

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

Language: C

Severity Score

4.0

Related Resources (18)

Url: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05

Url: https://bugzilla.redhat.com/show_bug.cgi?id=688021

Url: http://www.securityfocus.com/bid/46878

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-1163

Url: http://openwall.com/lists/oss-security/2011/03/15/14

Url: http://www.spinics.net/lists/mm-commits/msg82737.html

Url: http://downloads.avaya.com/css/P8/documents/100145416

Url: http://rhn.redhat.com/errata/RHSA-2011-0833.html

Url: http://www.securityfocus.com/archive/1/517050

Url: http://securitytracker.com/id?1025225

Url: http://openwall.com/lists/oss-security/2011/03/15/9

Url: http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt

Url: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2011-1163

Url: http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

Url: https://access.redhat.com/security/cve/CVE-2011-1163

Url: http://securityreason.com/securityalert/8189

Url: https://www.mend.io/vulnerability-database/CVE-2011-1163

Severity Score

4.0

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version v2.6.38

Learn More

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-1163

Good to know:

Date: April 9, 2011

Language: C

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?