{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-14T00:00:00", "descriptions": [{"lang": "en", "value": "The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-05-08T17:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[mm-commits] 20110314 + fs-partitions-osfc-corrupted-osf-partition-table-can-cause-information-disclosure.patch added to -mm tree", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.spinics.net/lists/mm-commits/msg82737.html"}, {"name": "46878", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46878"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688021"}, {"name": "8189", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8189"}, {"name": "1025225", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1025225"}, {"name": "[oss-security] 20110315 Re: CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/15/14"}, {"name": "RHSA-2011:0833", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"}, {"name": "[oss-security] 20110315 CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/15/9"}, {"tags": ["x_refsource_MISC"], "url": "http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://downloads.avaya.com/css/P8/documents/100145416"}, {"name": "20110317 [PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/517050"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38"}, {"name": "SUSE-SU-2015:0812", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:14:27.836Z"}, "title": "CVE Program Container", "references": [{"name": "[mm-commits] 20110314 + fs-partitions-osfc-corrupted-osf-partition-table-can-cause-information-disclosure.patch added to -mm tree", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.spinics.net/lists/mm-commits/msg82737.html"}, {"name": "46878", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/46878"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688021"}, {"name": "8189", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8189"}, {"name": "1025225", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1025225"}, {"name": "[oss-security] 20110315 Re: CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/15/14"}, {"name": "RHSA-2011:0833", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"}, {"name": "[oss-security] 20110315 CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/15/9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://downloads.avaya.com/css/P8/documents/100145416"}, {"name": "20110317 [PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/517050"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38"}, {"name": "SUSE-SU-2015:0812", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1163", "datePublished": "2011-04-10T01:00:00", "dateReserved": "2011-03-03T00:00:00", "dateUpdated": "2024-08-06T22:14:27.836Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9988A98F-3440-467E-8ADA-1E413DC25C21", "versionEndExcluding": "2.6.38", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "903512FC-0017-4564-9B89-7E64FFB14B11", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "BB6ADFB8-210D-4E46-82A2-1C8705928382", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing."}, {"lang": "es", "value": "La funci\u00f3n ofs/partitions/osf.c en el kernel de linux anterior a v2.6.38 no maneja correctamente un n\u00famero inv\u00e1lido de particiones, lo que permite a usuarios locales obtner informaci\u00f3n sensible del heap mediante vectores relacionados con el an\u00e1lisis de la tabla de particiones."}], "id": "CVE-2011-1163", "lastModified": "2023-02-13T01:19:02.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-04-10T02:51:19.460", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://downloads.avaya.com/css/P8/documents/100145416"}, {"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/03/15/14"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/03/15/9"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://securityreason.com/securityalert/8189"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1025225"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/517050"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/46878"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.spinics.net/lists/mm-commits/msg82737.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688021"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Timo Warns for reporting this issue.", "affected_release": [{"advisory": "RHSA-2011:0500", "cpe": "cpe:/a:redhat:enterprise_mrg:1::el5", "package": "kernel-rt-0:2.6.33.9-rt31.64.el5rt", "product_name": "MRG for RHEL-5", "release_date": "2011-05-10T00:00:00Z"}, {"advisory": "RHSA-2011:0833", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-238.12.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2011-05-31T00:00:00Z"}, {"advisory": "RHSA-2011:0542", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-131.0.15.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-05-19T00:00:00Z"}, {"advisory": "RHSA-2011:0883", "cpe": "cpe:/o:redhat:rhel_eus:6.0", "package": "kernel-0:2.6.32-71.31.1.el6", "product_name": "Red Hat Enterprise Linux 6.0 EUS - Server Only", "release_date": "2011-06-21T00:00:00Z"}], "bugzilla": {"description": "kernel: fs/partitions: Corrupted OSF partition table infoleak", "id": "688021", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688021"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing."], "name": "CVE-2011-1163", "public_date": "2011-03-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-1163\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1163"], "statement": "This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0833.html, https://rhn.redhat.com/errata/RHSA-2011-0542.html, and https://rhn.redhat.com/errata/RHSA-2011-0500.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for\nthis issue is not currently planned to be included in the future updates.", "threat_severity": "Low"}