{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2011-05-26T16:00:00.000Z"}, "references": [{"name": "[oss-security] 20110413 CVE request - kernel: bonding: Incorrect TX queue offset", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/04/13/4"}, {"name": "1025558", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1025558"}, {"name": "[oss-security] 20110413 Re: CVE request - kernel: bonding: Incorrect TX queue offset", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/04/13/16"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696029"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd0e435b0fe85622f167b84432552885a4856ac8"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:28:41.919Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110413 CVE request - kernel: bonding: Incorrect TX queue offset", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/04/13/4"}, {"name": "1025558", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1025558"}, {"name": "[oss-security] 20110413 Re: CVE request - kernel: bonding: Incorrect TX queue offset", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/04/13/16"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696029"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd0e435b0fe85622f167b84432552885a4856ac8"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1581", "state": "PUBLISHED", "dateReserved": "2011-04-05T00:00:00.000Z", "datePublished": "2011-05-26T16:00:00.000Z", "dateUpdated": "2024-08-06T22:28:41.919Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "176353CE-F17E-4776-AD9F-19014DA75B76", "versionEndExcluding": "2.6.39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic."}, {"lang": "es", "value": "La funci\u00f3n bond_select_queue en drivers/net/bonding/bond_main.c en el kernel de Linux anteriores a v2.6.39, cuando esta configurado un dispositivo de red con un gran n\u00famero de colas de recepci\u00f3n pero el tx_queues es el predeterminado, no restringen adecuadamente los \u00edndices de cola, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (BUG y ca\u00edda del sistema) o posiblemente tener un impacto no especificado mediante el env\u00edo de tr\u00e1fico de red."}], "id": "CVE-2011-1581", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-05-26T16:55:04.817", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd0e435b0fe85622f167b84432552885a4856ac8"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/04/13/16"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/04/13/4"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1025558"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696029"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd0e435b0fe85622f167b84432552885a4856ac8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/04/13/16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/04/13/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1025558"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696029"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:0542", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-131.0.15.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-05-19T00:00:00Z"}], "bugzilla": {"description": "kernel: bonding: Incorrect TX queue offset", "id": "696029", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696029"}, "csaw": false, "cvss": {"cvss_base_score": "4.6", "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:N/I:N/A:C", "status": "verified"}, "details": ["The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic."], "name": "CVE-2011-1581", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:1", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 1"}], "public_date": "2011-03-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-1581\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1581"], "statement": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not backport the upstream commit bb1d9123 that introduced this issue. A future kernel update in Red Hat Enterprise Linux 6 may address this flaw.", "threat_severity": "Important"}

{}