Vulnerability Name:

CVE-2011-1495

Assigned:2011-04-05
Published:2011-04-05
Updated:2023-02-13
Summary:drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:ALLOWS_ADMIN_ACCESS
References:Source: MITRE
Type: CNA
CVE-2011-1495

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20111495
    V
    		CVE-2011-1495
    2017-09-27
    oval:org.mitre.oval:def:27793
    P
    		ELSA-2011-2016 -- Unbreakable Enterprise kernel security fix update (important)
    2015-03-16
    oval:org.mitre.oval:def:22352
    P
    		ELSA-2011:0833: kernel security and bug fix update (Important)
    2014-07-21
    oval:org.mitre.oval:def:13909
    P
    		USN-1164-1 -- linux-fsl-imx51 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:15138
    P
    		USN-1187-1 -- Linux kernel (Maverick backport) vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:13238
    P
    		USN-1160-1 -- linux vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:20889
    P
    		USN-1212-1 -- linux-ti-omap4 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:13956
    P
    		USN-1162-1 -- linux-mvl-dove vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:15398
    P
    		USN-1202-1 -- Linux kernel (OMAP4) vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:13860
    P
    		USN-1168-1 -- linux vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:14087
    P
    		USN-1161-1 -- linux-ec2 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:13900
    P
    		USN-1159-1 -- linux-mvl-dove vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:14148
    P
    		USN-1167-1 -- linux vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:13013
    P
    		DSA-2240-1 linux-2.6 -- privilege escalation/denial of service/information leak
    2014-06-23
    oval:org.mitre.oval:def:23682
    P
    		ELSA-2011:0542: Red Hat Enterprise Linux 6.1 kernel security, bug fix and enhancement update (Important)
    2014-05-26
    oval:org.mitre.oval:def:21647
    P
    		RHSA-2011:0542: Red Hat Enterprise Linux 6.1 kernel security, bug fix and enhancement update (Important)
    2014-02-24
    oval:org.mitre.oval:def:21965
    P
    		RHSA-2011:0833: kernel security and bug fix update (Important)
    2014-02-24
    oval:org.mitre.oval:def:20530
    V
    		VMware ESXi and ESX updates to third party library and ESX Service Console
    2014-01-20
    oval:org.mitre.oval:def:20404
    V
    		VMware ESX third party updates for Service Console packages glibc and dhcp
    2014-01-20
    oval:com.redhat.rhsa:def:20110833
    P
    		RHSA-2011:0833: kernel security and bug fix update (Important)
    2011-05-31
    oval:org.debian:def:2240
    V
    		privilege escalation/denial of service/information leak
    2011-05-24
    oval:com.redhat.rhsa:def:20110542
    P
    		RHSA-2011:0542: Red Hat Enterprise Linux 6.1 kernel security, bug fix and enhancement update (Important)
    2011-05-19
    BACK