CVE-2011-2695

Description

Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.

References

https://bugzilla.redhat.com/show_bug.cgi?id=722557

http://www.openwall.com/lists/oss-security/2011/07/15/8

http://www.openwall.com/lists/oss-security/2011/07/15/7

http://secunia.com/advisories/45193

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f17722f917b2f21497deb6edc62fb1683daa08e6

Details

Source: Mitre, NVD

Published: 2011-07-28

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium