CVE-2011-0711

Impact: Low
Public Date: 2011-02-10
IAVA: 2012-A-0020
Bugzilla: 677260: CVE-2011-0711 kernel: xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1

The MITRE CVE dictionary describes this issue as:

The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.

Find out more about CVE-2011-0711 from the MITRE CVE dictionary and NIST NVD.
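
The bug class in the description above, shown as an added user-space illustration that is not the kernel's code: a reply structure filled member by member leaves one field untouched for an old-format request, and zeroing the structure first closes the leak. The structure, its field names, the version threshold and the 0xA5 marker (standing in for stale stack bytes) are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5  /* constructed marker standing in for old stack contents */

/* Hypothetical reply structure: all uint32_t members, so no padding. */
struct demo_geom {
    uint32_t blocksize;
    uint32_t agcount;
    uint32_t newer_field;   /* only filled for newer-format requests */
};

/* Flawed pattern: members are set depending on the requested version, so
 * an old-format request leaves newer_field holding prior memory contents. */
static void fill_geom_flawed(struct demo_geom *g, int version)
{
    g->blocksize = 4096;
    g->agcount = 4;
    if (version >= 2)       /* assumed threshold, for illustration only */
        g->newer_field = 1;
}

/* Hardened pattern: zero the whole structure, then fill what applies. */
static void fill_geom_fixed(struct demo_geom *g, int version)
{
    memset(g, 0, sizeof(*g));
    fill_geom_flawed(g, version);
}

/* Simulate the ioctl path: begin with stale memory, fill the reply, then
 * count stale bytes in the region that would be copied to the caller. */
static size_t stale_bytes_returned(void (*fill)(struct demo_geom *, int),
                                   int version)
{
    struct demo_geom g;
    const unsigned char *p = (const unsigned char *)&g;
    size_t i, n = 0;

    memset(&g, STALE, sizeof(g));   /* deterministic "uninitialized" data */
    fill(&g, version);
    for (i = 0; i < sizeof(g); i++)
        n += (p[i] == STALE);
    return n;
}

int main(void)
{
    printf("old-format request: flawed=%zu fixed=%zu stale bytes\n",
           stale_bytes_returned(fill_geom_flawed, 1),
           stale_bytes_returned(fill_geom_fixed, 1));
    return 0;
}
```

Zeroing the whole structure before filling it also covers padding bytes and any member added later, which per-field assignment does not.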

Statement

This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 4, as it did not have support for the XFS file system. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-0498.html, and https://rhn.redhat.com/errata/RHSA-2011-0500.html.

CVSS v2 metrics

Base Score 2.1
Base Metrics AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
MRG Grid for RHEL 5 Server (kernel-rt) RHSA-2011:0500 2011-05-10
Red Hat Enterprise Linux 6 (kernel) RHSA-2011:0498 2011-05-10
Red Hat Enterprise Linux 5 (kernel) RHSA-2011:0927 2011-07-15

Acknowledgements

Red Hat would like to thank Dan Rosenberg for reporting this issue.

CVE description copyright © 2017, The MITRE Corporation