Published: 18/02/2011 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 188

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel prior to 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
redhat enterprise linux server 5.0
redhat enterprise linux workstation 5.0
redhat enterprise linux desktop 5.0
redhat enterprise linux server aus 5.6
redhat enterprise linux eus 5.6

Multiple kernel flaws have been fixed ...

Multiple kernel flaws ...

An attacker could send crafted input to the kernel and cause it to crash ...

Multiple kernel flaws have been fixed ...

Ubuntu Security Notice 1202-1 - Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly A local user could exploit this to read kernel stack memory, leading to a loss of privacy Brad Spengler discovered that stack memory for new a process was not correctly calculated A local attacker could exploit this to crash ...

CWE-909 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 https://bugzilla.redhat.com/show_bug.cgi?id=667916 http://www.securityfocus.com/bid/46488 http://rhn.redhat.com/errata/RHSA-2011-0927.html https://exchange.xforce.ibmcloud.com/vulnerabilities/65563 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7182afea8d1afd432a17c18162cc3fd441d0da93 https://nvd.nist.gov https://usn.ubuntu.com/1204-1/

CVE-2011-1044

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect