Vulnerabilities > CVE-2011-4594 - NULL Pointer Dereference vulnerability in Linux Kernel

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
linux
CWE-476
nessus

Summary

The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference.

Vulnerable Configurations

Part Description Count
OS
Linux
1408

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2012-55.NASL
    descriptionA buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id69662
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69662
    titleAmazon Linux AMI : kernel (ALAS-2012-55)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1275-1.NASL
    descriptionPeter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494) Mathieu Desnoyers discovered that the kernel sockets implementation incorrectly dereferenced user pointers. A local attacker could possibly exploit this to crash the system. (CVE-2011-4594). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56917
    published2011-11-22
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56917
    titleUbuntu 11.10 : linux vulnerability (USN-1275-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0350.NASL
    descriptionUpdated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id58275
    published2012-03-08
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58275
    titleCentOS 6 : kernel (CESA-2012:0350)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0350.NASL
    descriptionUpdated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-04-16
    modified2012-03-07
    plugin id58261
    published2012-03-07
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58261
    titleRHEL 6 : kernel (RHSA-2012:0350)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0422.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes two security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79285
    published2014-11-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79285
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2012:0422)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0350.NASL
    descriptionFrom Red Hat Security Advisory 2012:0350 : Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id68491
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68491
    titleOracle Linux 6 : kernel (ELSA-2012-0350)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120306_KERNEL_ON_SL6_X.NASL
    descriptionThe kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2012-08-01
    plugin id61277
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61277
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120306)

Redhat

rpms
  • kernel-0:2.6.32-220.7.1.el6
  • kernel-bootwrapper-0:2.6.32-220.7.1.el6
  • kernel-debug-0:2.6.32-220.7.1.el6
  • kernel-debug-debuginfo-0:2.6.32-220.7.1.el6
  • kernel-debug-devel-0:2.6.32-220.7.1.el6
  • kernel-debuginfo-0:2.6.32-220.7.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-220.7.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-220.7.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-220.7.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-220.7.1.el6
  • kernel-devel-0:2.6.32-220.7.1.el6
  • kernel-doc-0:2.6.32-220.7.1.el6
  • kernel-firmware-0:2.6.32-220.7.1.el6
  • kernel-headers-0:2.6.32-220.7.1.el6
  • kernel-kdump-0:2.6.32-220.7.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-220.7.1.el6
  • kernel-kdump-devel-0:2.6.32-220.7.1.el6
  • perf-0:2.6.32-220.7.1.el6
  • perf-debuginfo-0:2.6.32-220.7.1.el6
  • python-perf-0:2.6.32-220.7.1.el6