Vulnerabilities > CVE-2011-2521 - Numeric Errors vulnerability in Linux Kernel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-1350.NASL description Updated kernel packages that fix several security issues, various bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, Important) * An integer overflow flaw in agp_allocate_memory() could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important) * A race condition flaw was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 56404 published 2011-10-06 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56404 title RHEL 6 : kernel (RHSA-2011:1350) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-1350.NASL description From Red Hat Security Advisory 2011:1350 : Updated kernel packages that fix several security issues, various bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, Important) * An integer overflow flaw in agp_allocate_memory() could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important) * A race condition flaw was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 68364 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68364 title Oracle Linux 6 : kernel (ELSA-2011-1350) NASL family Scientific Linux Local Security Checks NASL id SL_20111005_KERNEL_ON_SL6_X.NASL description The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, Important) - An integer overflow flaw in agp_allocate_memory() could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important) - A race condition flaw was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 61148 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61148 title Scientific Linux Security Update : kernel on SL6.x i386/x86_64
Redhat
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | Bugtraq ID: 48580 CVE ID:CVE-2011-2521 Linux是一款开放源代码的操作系统。 Linux Kernel 'x86_assign_hw_event()'存在安全漏洞,允许本地攻击者破坏Intel处理器计数器的计算,可导致拒绝服务攻击。 Linux kernel 2.6.38 Linux kernel 2.6.38.6 Linux kernel 2.6.38.4 Linux kernel 2.6.38.3 Linux kernel 2.6.38.2 Linux kernel 2.6.38-rc7 Linux kernel 2.6.38-rc4 Linux kernel 2.6.38-rc2 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=fc66c5210ec2539e800e87d7b3a985323c7be96e |
| id | SSV:20715 |
| last seen | 2017-11-19 |
| modified | 2011-07-10 |
| published | 2011-07-10 |
| reporter | Root |
| title | Linux Kernel 'x86_assign_hw_event()'本地拒绝服务漏洞 |
References
- http://www.openwall.com/lists/oss-security/2011/07/06/4
- https://github.com/torvalds/linux/commit/fc66c5210ec2539e800e87d7b3a985323c7be96e
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
- https://bugzilla.redhat.com/show_bug.cgi?id=719228
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fc66c5210ec2539e800e87d7b3a985323c7be96e