Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2011-2022 | First vendor Publication | 2011-05-09 |
Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13013 | |||
Oval ID: | oval:org.mitre.oval:def:13013 | ||
Title: | DSA-2240-1 linux-2.6 -- privilege escalation/denial of service/information leak | ||
Description: | CVE-2010-3875 Vasiliy Kulikov discovered an issue in the Linux implementation of the Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to sensitive kernel memory. CVE-2011-0695 Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can exploit a race condition to cause a denial of service. CVE-2011-0711 Dan Rosenberg reported an issue in the XFS filesystem. Local users may obtain access to sensitive kernel memory. CVE-2011-0726 Kees Cook reported an issue in the /proc/pid/stat implementation. Local users could learn the text location of a process, defeating protections provided by address space layout randomization. CVE-2011-1016 Marek Olšák discovered an issue in the driver for ATI/AMD Radeon video chips. Local users could pass arbitrary values to video memory and the graphics translation table, resulting in denial of service or escalated privileges. On default Debian installations, this is exploitable only by members of the "video" group. CVE-2011-1078 Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users can obtain access to sensitive kernel memory. CVE-2011-1079 Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users with the CAP_NET_ADMIN capability can cause a denial of service. CVE-2011-1080 Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users can obtain access to sensitive kernel memory. CVE-2011-1090 Neil Horman discovered a memory leak in the setacl call on NFSv4 filesystems. Local users can explot this to cause a denial of service. CVE-2011-1160 Peter Huewe reported an issue in the Linux kernel's support for TPM security chips. Local users with permission to open the device can gain access to sensitive kernel memory. CVE-2011-1163 Timo Warns reported an issue in the kernel support for Alpha OSF format disk partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted OSF partition. CVE-2011-1170 Vasiliy Kulikov reported an issue in the Netfilter arp table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. CVE-2011-1171 Vasiliy Kulikov reported an issue in the Netfilter IP table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. CVE-2011-1172 Vasiliy Kulikov reported an issue in the Netfilter IP6 table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. CVE-2011-1173 Vasiliy Kulikov reported an issue in the Acorn Econet protocol implementation. Local users can obtain access to sensitive kernel memory on systems that use this rare hardware. CVE-2011-1180 Dan Rosenberg reported a buffer overflow in the Information Access Service of the IrDA protocol, used for Infrared devices. Remote attackers within IR device range can cause a denial of service or possibly gain elevated privileges. CVE-2011-1182 Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local users can generate signals with falsified source pid and uid information. CVE-2011-1476 Dan Rosenberg reported issues in the Open Sound System MIDI interface that allow local users to cause a denial of service. This issue does not affect official Debian Linux image packages as they no longer provide support for OSS. However, custom kernels built from Debians linux-source-2.6.32 may have enabled this configuration and would therefore be vulnerable. CVE-2011-1477 Dan Rosenberg reported issues in the Open Sound System driver for cards that include a Yamaha FM synthesizer chip. Local users can cause memory corruption resulting in a denial of service. This issue does not affect official Debian Linux image packages as they no longer provide support for OSS. However, custom kernels built from Debians linux-source-2.6.32 may have enabled this configuration and would therefore be vulnerable. CVE-2011-1478 Ryan Sweat reported an issue in the Generic Receive Offload support in the Linux networking subsystem. If an interface has GRO enabled and is running in promiscuous mode, remote users can cause a denial of service by sending packets on an unknown VLAN. CVE-2011-1493 Dan Rosenburg reported two issues in the Linux implementation of the Amateur Radio X.25 PLP protocol. A remote user can cause a denial of service by providing specially crafted facilities fields. CVE-2011-1494 Dan Rosenberg reported an issue in the /dev/mpt2ctl interface provided by the driver for LSI MPT Fusion SAS 2.0 controllers. Local users can obtain elevated privileges by specially crafted ioctl calls. On default Debian installations this is not exploitable as this interface is only accessible to root. CVE-2011-1495 Dan Rosenberg reported two additional issues in the /dev/mpt2ctl interface provided by the driver for LSI MPT Fusion SAS 2.0 controllers. Local users can obtain elevated privileges and ready arbitrary kernel memory by using specially crafted ioctl calls. On default Debian installations this is not exploitable as this interface is only accessible to root. CVE-2011-1585 Jeff Layton reported an issue in the Common Internet File System. Local users can bypass authentication requirements for shares that are already mounted by another user. CVE-2011-1593 Robert Swiecki reported a signednes issue in the next_pidmap function, which can be exploited my local users to cause a denial of service. CVE-2011-1598 Dave Jones reported an issue in the Broadcast Manager Controller Area Network protocol that may allow local users to cause a NULL pointer dereference, resulting in a denial of service. CVE-2011-1745 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_BIND ioctl. On default Debian installations, this is exploitable only by users in the video group. CVE-2011-1746 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the agp_allocate_memory and agp_create_user_memory. On default Debian installations, this is exploitable only by users in the video group. CVE-2011-1748 Oliver Kartkopp reported an issue in the Controller Area Network raw socket implementation which permits ocal users to cause a NULL pointer dereference, resulting in a denial of service. CVE-2011-1759 Dan Rosenberg reported an issue in the support for executing "old ABI" binaries on ARM processors. Local users can obtain elevated privileges due to insufficient bounds checking in the semtimedop system call. CVE-2011-1767 Alexecy Dobriyan reported an issue in the GRE over IP implementation. Remote users can cause a denial of service by sending a packet during module initialisation. CVE-2011-1770 Dan Rosenberg reported an issue in the Datagram Congestion Control Protocol. Remote users can cause a denial of service or potentially obtain access to sensitive kernel memory. CVE-2011-1776 Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table. CVE-2011-2022 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_UNBIND ioctl. On default Debian installations, this is exploitable only by users in the video group. This update also includes changes queued for the next point release of Debian 6.0, which also fix various non-security issues | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2240-1 CVE-2010-3875 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726 CVE-2011-1016 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 CVE-2011-1182 CVE-2011-1476 CVE-2011-1477 CVE-2011-1478 CVE-2011-1493 CVE-2011-1494 CVE-2011-1495 CVE-2011-1585 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1770 CVE-2011-1776 CVE-2011-2022 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | linux-2.6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20545 | |||
Oval ID: | oval:org.mitre.oval:def:20545 | ||
Title: | VMware ESXi and ESX updates to third party library and ESX Service Console | ||
Description: | The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-2022 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for kernel CESA-2011:0927 centos5 x86_64 File : nvt/gb_CESA-2011_0927_kernel_centos5_x86_64.nasl |
2012-07-09 | Name : RedHat Update for kernel RHSA-2011:1350-01 File : nvt/gb_RHSA-2011_1350-01_kernel.nasl |
2012-03-15 | Name : VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Ser... File : nvt/gb_VMSA-2012-0001.nasl |
2011-09-23 | Name : Ubuntu Update for linux-ti-omap4 USN-1212-1 File : nvt/gb_ubuntu_USN_1212_1.nasl |
2011-09-16 | Name : Ubuntu Update for linux-ti-omap4 USN-1202-1 File : nvt/gb_ubuntu_USN_1202_1.nasl |
2011-08-12 | Name : Ubuntu Update for linux-lts-backport-maverick USN-1187-1 File : nvt/gb_ubuntu_USN_1187_1.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2011:0927 centos5 i386 File : nvt/gb_CESA-2011_0927_kernel_centos5_i386.nasl |
2011-08-03 | Name : Debian Security Advisory DSA 2264-1 (linux-2.6) File : nvt/deb_2264_1.nasl |
2011-07-18 | Name : Ubuntu Update for linux-mvl-dove USN-1159-1 File : nvt/gb_ubuntu_USN_1159_1.nasl |
2011-07-18 | Name : Ubuntu Update for linux-ec2 USN-1161-1 File : nvt/gb_ubuntu_USN_1161_1.nasl |
2011-07-18 | Name : Ubuntu Update for linux USN-1167-1 File : nvt/gb_ubuntu_USN_1167_1.nasl |
2011-07-18 | Name : Ubuntu Update for linux USN-1168-1 File : nvt/gb_ubuntu_USN_1168_1.nasl |
2011-07-18 | Name : Ubuntu Update for linux USN-1170-1 File : nvt/gb_ubuntu_USN_1170_1.nasl |
2011-07-18 | Name : RedHat Update for kernel RHSA-2011:0927-01 File : nvt/gb_RHSA-2011_0927-01_kernel.nasl |
2011-07-08 | Name : Ubuntu Update for linux USN-1160-1 File : nvt/gb_ubuntu_USN_1160_1.nasl |
2011-07-08 | Name : Ubuntu Update for linux-mvl-dove USN-1162-1 File : nvt/gb_ubuntu_USN_1162_1.nasl |
2011-07-08 | Name : Ubuntu Update for linux-fsl-imx51 USN-1164-1 File : nvt/gb_ubuntu_USN_1164_1.nasl |
2011-06-24 | Name : Fedora Update for kernel FEDORA-2011-6447 File : nvt/gb_fedora_2011_6447_kernel_fc13.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
73045 | Linux Kernel drivers/char/agp/generic.c agp_generic_remove_memory Function AG... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-02-02 | IAVM : 2012-A-0020 - Multiple Vulnerabilities in VMware ESX 4.1 and ESXi 4.1 Severity : Category I - VMSKEY : V0031252 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-03 | Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2012-0001_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-1090.nasl - Type : ACT_GATHER_INFO |
2014-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1253.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_kernel-110726.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File : vmware_esxi_5_0_build_608089_remote.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0927.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1350.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110715_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111005_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7729.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7665.nasl - Type : ACT_GATHER_INFO |
2012-01-31 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0001.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7666.nasl - Type : ACT_GATHER_INFO |
2011-10-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7734.nasl - Type : ACT_GATHER_INFO |
2011-10-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1350.nasl - Type : ACT_GATHER_INFO |
2011-09-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1212-1.nasl - Type : ACT_GATHER_INFO |
2011-09-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1202-1.nasl - Type : ACT_GATHER_INFO |
2011-08-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1187-1.nasl - Type : ACT_GATHER_INFO |
2011-07-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0927.nasl - Type : ACT_GATHER_INFO |
2011-07-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1168-1.nasl - Type : ACT_GATHER_INFO |
2011-07-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1170-1.nasl - Type : ACT_GATHER_INFO |
2011-07-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0927.nasl - Type : ACT_GATHER_INFO |
2011-07-14 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1161-1.nasl - Type : ACT_GATHER_INFO |
2011-07-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1167-1.nasl - Type : ACT_GATHER_INFO |
2011-07-14 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1159-1.nasl - Type : ACT_GATHER_INFO |
2011-07-07 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1164-1.nasl - Type : ACT_GATHER_INFO |
2011-07-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1162-1.nasl - Type : ACT_GATHER_INFO |
2011-06-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1160-1.nasl - Type : ACT_GATHER_INFO |
2011-06-22 | Name : The remote Fedora host is missing a security update. File : fedora_2011-6447.nasl - Type : ACT_GATHER_INFO |
2011-06-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2264.nasl - Type : ACT_GATHER_INFO |
2011-06-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2240.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 01:16:07 |
|
2024-02-01 12:04:36 |
|
2023-11-07 21:47:27 |
|
2023-09-05 12:15:05 |
|
2023-09-05 01:04:28 |
|
2023-09-02 12:15:09 |
|
2023-09-02 01:04:32 |
|
2023-08-12 12:18:17 |
|
2023-08-12 01:04:32 |
|
2023-08-11 12:15:14 |
|
2023-08-11 01:04:41 |
|
2023-08-06 12:14:38 |
|
2023-08-06 01:04:33 |
|
2023-08-04 12:14:43 |
|
2023-08-04 01:04:34 |
|
2023-07-14 12:14:42 |
|
2023-07-14 01:04:31 |
|
2023-03-29 01:16:37 |
|
2023-03-28 12:04:38 |
|
2022-10-11 12:13:06 |
|
2022-10-11 01:04:17 |
|
2022-03-11 01:10:50 |
|
2021-05-25 12:08:16 |
|
2021-05-04 12:17:12 |
|
2021-04-22 01:20:22 |
|
2020-08-11 12:06:18 |
|
2020-08-08 01:06:22 |
|
2020-08-07 12:06:28 |
|
2020-08-07 00:22:46 |
|
2020-08-01 09:22:45 |
|
2020-08-01 05:22:41 |
|
2020-07-30 00:22:43 |
|
2020-07-29 21:23:05 |
|
2020-05-23 01:44:32 |
|
2020-05-23 00:28:34 |
|
2019-01-25 12:03:56 |
|
2018-11-17 12:02:27 |
|
2018-10-30 12:04:13 |
|
2016-07-01 11:07:32 |
|
2016-06-29 00:20:32 |
|
2016-06-28 18:40:12 |
|
2016-04-26 20:46:39 |
|
2016-03-04 13:26:25 |
|
2014-11-27 13:27:56 |
|
2014-11-18 13:25:49 |
|
2014-07-23 13:24:35 |
|
2014-06-14 13:30:47 |
|
2014-02-17 11:02:37 |
|
2014-01-14 13:19:59 |
|
2013-11-11 12:39:26 |
|
2013-05-10 23:01:03 |
|