CVE-2011-0699 - OpenCVE

Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:2.6.37:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=linux-kernel&m=129726078708425&w=2
http://marc.info/?l=oss-security&m=129726743519620&w=2
http://vulnfactory.org/vulns/
https://github.com/BlankOn/linux-debian/blob/master/debian/changelog.BlankOn
https://marc.info/?l=linux-kernel&m=129726078708425&w=2
https://nvd.nist.gov/vuln/detail/CVE-2011-0699
https://www.cve.org/CVERecord?id=CVE-2011-0699

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-02-20T17:18:53

Updated: 2024-08-06T21:58:26.164Z

Reserved: 2011-01-31T00:00:00

Link: CVE-2011-0699

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-02-20T18:15:11.077

Modified: 2020-02-25T15:19:07.263

Link: CVE-2011-0699

Redhat

Severity : Low

Publid Date: 2020-02-20T00:00:00Z

Links: CVE-2011-0699 - Bugzilla

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:*:*:*:*:*:*:*", "matchCriteriaId": "18CBFC41-E9A9-456C-8A61-8DB2E6CE2E98", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value."}, {"lang": "es", "value": "Un error en la propiedad signedness de enteros en la funci\u00f3n btrfs_ioctl_space_info en el kernel de Linux versi\u00f3n 2.6.37, permite a usuarios locales causar una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer basado en la regi\u00f3n heap de la memoria) o posiblemente tener otro impacto no especificado por medio de un valor de slot dise\u00f1ado."}], "id": "CVE-2011-0699", "lastModified": "2020-02-25T15:19:07.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-20T18:15:11.077", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://marc.info/?l=linux-kernel&m=129726078708425&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=oss-security&m=129726743519620&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://vulnfactory.org/vulns/"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/BlankOn/linux-debian/blob/master/debian/changelog.BlankOn"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: integer signedness error in the btrfs_ioctl_space_info function could lead to a DoS", "id": "1816142", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816142"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value.", "A flaw was found in the BTRFS implementation in the Linux kernel, where a local user with elevated permissions (either root user or in the disk group) can issue an ioctl to the /dev/btrfs-control device node. This flaw panics the system and allows memory allocation if a specially crafted ioctl is made that abuses the logic when comparing values with different types."], "mitigation": {"lang": "en:us", "value": "As the BTRFS module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\n# echo \"install btrfs /bin/true\" >> /etc/modprobe.d/disable-btrfs.conf\nThe system will need to be restarted if the BTRFS modules are loaded, it may be possible to unload them. In most circumstances, the BTRFS kernel modules will be unable to be unloaded while any BTRFS filesystems are mounted or in use.\nIf the system requires this module to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services."}, "name": "CVE-2011-0699", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2020-02-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-0699\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-0699\nhttps://marc.info/?l=linux-kernel&m=129726078708425&w=2"], "statement": "Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG as they did not backport the upstream commit bf5fc093c that introduced this issue.", "threat_severity": "Low"}