Published: 27/01/2012 Updated: 13/02/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 188

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value."

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 2.6
suse linux enterprise server 10

Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated kernel packages that fix various security issues and several bugsare now available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel-rt packages that fix several security issues and two bugsare now available for Red Hat Enterprise MRG 20The Red Hat Security Response Team has rated this update as havingimportant secu ...

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues, several bugs,and add one enhancement are now available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel-rt packages that fix multiple security issues and variousbugs are now available for Red Hat Enterprise MRG 21The Red Hat Security Response Team has rated this update as havingimportant ...

A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk (CVE-2011-4077, Moderate) Flaws in ghash_update() and ghash_final() co ...

IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services (CVE-2011-2699, Important) A signedness issue was found in the Linux kernel's CIFS (Common Internet File System) implementation A malicious CIFS server could send a specially- ...

Several security issues were fixed in the kernel ...

The system could be made to run programs as an administrator ...

CWE-20 http://www.securityfocus.com/bid/50663 https://bugzilla.redhat.com/show_bug.cgi?id=753341 http://xorl.wordpress.com/2011/12/08/cve-2011-4132-linux-kernel-jbdjbd2-local-dos/http://securitytracker.com/id?1026325 http://www.openwall.com/lists/oss-security/2011/11/13/4 http://www.openwall.com/lists/oss-security/2011/11/11/6 http://secunia.com/advisories/48898 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=8762202dd0d6e46854f786bdb6fb3780a1625efe https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2012:0350 https://usn.ubuntu.com/1312-1/https://alas.aws.amazon.com/ALAS-2012-55.html

Get Started

CVE-2011-4132

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect