Integer overflow in Linux Linux_kernel
CVE-2011-1593
Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.
Vulnerability class: Integer Overflow
EPSS: 0.000 (12.9th percentile) — read the EPSS interpretation.
Affected products
- Linux Linux_kernel
- Canonical Ubuntu_linux — versions 8.04
- Redhat Enterprise_linux — versions 5.0
- Redhat Enterprise_linux_aus — versions 5.6
- Redhat Enterprise_linux_desktop — versions 5.0
- Redhat Enterprise_linux_eus — versions 5.6
- Redhat Enterprise_linux_server — versions 5.0
- Redhat Enterprise_linux_workstation — versions 5.0
- N/a — versions n/a
Weakness classification (CWE)
References
- USN-1146-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Release Notes, Vendor Advisory)
- 44164 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
- RHSA-2011:0927 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- kernel-nextpidmap-dos(66876) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
- [oss-security] 20110419 CVE request -- kernel: proc: signedness issue in next_pidmap() (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM)
- [linux-kernel] 20110418 Re: Kernel panic (NULL ptr deref?) in find_ge_pid()/next_pidmap() (via sys_getdents or sys_readdir) (mailing-list, x_refsource_MLIST, Exploit, Third Party Advisory)