Vulnerability CVE-2011-4081

Vulnerability Name:

CVE-2011-4081 (CCN-75876)

Assigned:

2011-10-20

Published:

2011-10-20

Updated:

2023-02-13

Summary:

crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.9 Medium (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-476

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2011-4081

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Linux Kernel GIT Repository
crypto: ghash - Avoid null pointer dereference if no key is set

Source: CCN
Type: RHSA-2012-0010
Important: kernel-rt security and bug fix update

Source: CCN
Type: RHSA-2012-0350
Moderate: kernel security and bug fix update

Source: secalert@redhat.com
Type: Mailing List, Patch, Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Patch, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: OSVDB ID: 76639
Linux Kernel NULL Pointer Dereference ghash Algorithm Local DoS

Source: CCN
Type: Red Hat Bugzilla Bug 749475
CVE-2011-4081 kernel: crypto: ghash: null pointer deref if no key is set

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
kernel-ghash-dos(75876)

Source: secalert@redhat.com
Type: Exploit, Patch, Third Party Advisory
secalert@redhat.com

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:2.6.9:rc4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.9:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.9:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.9:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8:rc4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20114081	V	CVE-2011-4081	2022-05-20
oval:org.mitre.oval:def:27914	P	ELSA-2012-2003 -- Unbreakable Enterprise kernel security and bug fix update (important)	2015-03-16
oval:org.mitre.oval:def:15432	P	USN-1322-1 -- Linux kernel vulnerabilities	2014-07-07
oval:org.mitre.oval:def:15015	P	USN-1313-1 -- Linux Kernel (Oneiric backport) vulnerability	2014-06-30
oval:org.mitre.oval:def:15267	P	USN-1292-1 -- Linux kernel (Maverick backport) vulnerabilities	2014-06-30
oval:org.mitre.oval:def:14672	P	USN-1311-1 -- Linux kernel vulnerabilities	2014-06-30
oval:org.mitre.oval:def:15441	P	USN-1293-1 -- Linux kernel vulnerabilities	2014-06-30
oval:org.mitre.oval:def:15169	P	USN-1302-1 -- Linux kernel (OMAP4) vulnerabilities	2014-06-30
oval:org.mitre.oval:def:15276	P	USN-1304-1 -- Linux kernel (OMAP4) vulnerabilities	2014-06-30
oval:org.mitre.oval:def:14729	P	USN-1312-1 -- Linux kernel vulnerabilities	2014-06-30
oval:org.mitre.oval:def:15191	P	USN-1303-1 -- Linux kernel (Marvell DOVE) vulnerabilities	2014-06-30
oval:org.mitre.oval:def:15333	P	USN-1301-1 -- Linux kernel (Natty backport) vulnerabilities	2014-06-30
oval:org.mitre.oval:def:14799	P	USN-1299-1 -- Linux kernel (EC2) vulnerabilities	2014-06-30
oval:org.mitre.oval:def:15203	P	USN-1287-1 -- Linux (OMAP4) vulnerability	2014-06-30
oval:org.mitre.oval:def:23710	P	ELSA-2012:0350: kernel security and bug fix update (Moderate)	2014-05-26
oval:org.mitre.oval:def:21098	P	RHSA-2012:0350: kernel security and bug fix update (Moderate)	2014-02-24
oval:com.ubuntu.precise:def:20114081000	V	CVE-2011-4081 on Ubuntu 12.04 LTS (precise) - low.	2012-05-24
oval:com.ubuntu.trusty:def:20114081000	V	CVE-2011-4081 on Ubuntu 14.04 LTS (trusty) - low.	2012-05-24
oval:com.ubuntu.xenial:def:201140810000000	V	CVE-2011-4081 on Ubuntu 16.04 LTS (xenial) - low.	2012-05-24
oval:com.ubuntu.xenial:def:20114081000	V	CVE-2011-4081 on Ubuntu 16.04 LTS (xenial) - low.	2012-05-24
oval:com.redhat.rhsa:def:20120350	P	RHSA-2012:0350: kernel security and bug fix update (Moderate)	2012-03-06

BACK