Summary: | linux < 2.6.31-rc6 kernel: nfs: diotest4 from LTP crash client null pointer deref (CVE-2011-4325) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Harrison <n0idx80> |
Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
Status: | RESOLVED OBSOLETE | ||
Severity: | minor | CC: | kernel |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=755455 | ||
Whiteboard: | [linux < 2.6.31-rc6] | ||
Package list: | Runtime testing required: | --- |
Description
Michael Harrison
2012-02-24 10:35:37 UTC
CVE-2011-4325 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4325): The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP. There are no longer any 2.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security. |