Executive Summary

Information
Name: CVE-2011-2479
First vendor Publication: 2013-03-01
Vendor: Cve
Last vendor Modification: 2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score: 5.5
Base Score: 5.5
Environmental Score: 5.5
Impact Sub Score: 3.6
Temporal Score: 5.5
Exploitability Sub Score: 1.8
 
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score: 4.9
Attack Range: Local
Cvss Impact Score: 6.9
Attack Complexity: Low
Cvss Exploit Score: 3.9
Authentication: None Required

Detail

The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2479

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21968
 
Oval ID: oval:org.mitre.oval:def:21968
Title: RHSA-2011:0928: kernel security and bug fix update (Moderate)
Description: The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application.
Family: unix Class: patch
Reference(s): RHSA-2011:0928-01
CVE-2011-1767
CVE-2011-1768
CVE-2011-2479
Version: 42
Platform(s): Red Hat Enterprise Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23536
 
Oval ID: oval:org.mitre.oval:def:23536
Title: ELSA-2011:0928: kernel security and bug fix update (Moderate)
Description: The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application.
Family: unix Class: patch
Reference(s): ELSA-2011:0928-01
CVE-2011-1767
CVE-2011-1768
CVE-2011-2479
Version: 17
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27734
 
Oval ID: oval:org.mitre.oval:def:27734
Title: DEPRECATED: ELSA-2011-0928 -- kernel security and bug fix update (moderate)
Description:
[2.6.32-131.6.1.el6]
- [audit] ia32entry.S sign extend error codes when calling 64 bit code (Eric Paris) [713831 703935]
- [audit] push audit success and retcode into arch ptrace.h (Eric Paris) [713831 703935]
- [x86] intel-iommu: Flush unmaps at domain_exit (Alex Williamson) [713458 705441]
- [x86] intel-iommu: Only unlink device domains from iommu (Alex Williamson) [713458 705441]
- [virt] x86: Mask out unsupported CPUID features if running on xen (Igor Mammedov) [711546 703055]
- [block] fix accounting bug on cross partition merges (Jerome Marchand) [682989 669363]
- [net] vlan: remove multiqueue ability from vlan device (Neil Horman) [713494 703245]
- [net] Fix netif_set_real_num_tx_queues (Neil Horman) [713492 702742]
- [scsi] mpt2sas: move event handling of MPT2SAS_TURN_ON_FAULT_LED in process context (Tomas Henzl) [714190 701951]
- [mm] thp: simple fix for /dev/zero THP mprotect bug (Andrea Arcangeli) [714762 690444]
[2.6.32-131.5.1.el6]
- [kernel] cgroupfs: use init_cred when populating new cgroupfs mount (Eric Paris) [713135 700538]
- [netdrv] ixgbe: adding FdirMode module option (Andy Gospodarek) [711550 707287]
- [crypto] testmgr: add xts-aes-256 self-test (Jarod Wilson) [711548 706167]
- [fs] ext3: Fix lost extented attributes for inode with ino == 11 (Eric Sandeen) [712413 662666]
- [mm] Prevent Disk IO throughput degradation due to memory allocation stalls (Larry Woodman) [711540 679526]
- [net] sock: adjust prot->obj_size always (Jiri Pirko) [709381 704231]
- [fs] GFS2: resource group bitmap corruption resulting in panics and withdraws (Robert S Peterson) [711528 702057]
- [x86] kprobes: Disable irqs during optimized callback (Jiri Olsa) [711545 699865]
- [mm] slab, kmemleak: pass the correct pointer to kmemleak_erase() (Steve Best) [712414 698023]
- [net] fix netns vs proto registration ordering (Wade Mealing) [702305 702306] {CVE-2011-1767 CVE-2011-1768}
- [ppc] Fix oops if scan_dispatch_log is called too early (Steve Best) [711524 696777]
- [virt] i8259: initialize isr_ack (Avi Kivity) [711520 670765]
- [virt] VMX: Save and restore tr selector across mode switches (Gleb Natapov) [711535 693894]
- [virt] VMX: update live TR selector if it changes in real mode (Gleb Natapov) [711535 693894]
Family: unix Class: patch
Reference(s): ELSA-2011-0928
CVE-2011-1767
CVE-2011-1768
CVE-2011-2479
Version: 4
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 1
Os 1384

OpenVAS Exploits

Date Description
2012-06-06 Name : RedHat Update for kernel RHSA-2011:0928-01
File : nvt/gb_RHSA-2011_0928-01_kernel.nasl
2011-11-25 Name : Ubuntu Update for linux-ti-omap4 USN-1281-1
File : nvt/gb_ubuntu_USN_1281_1.nasl
2011-11-11 Name : Ubuntu Update for linux-lts-backport-natty USN-1256-1
File : nvt/gb_ubuntu_USN_1256_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
73237 Linux Kernel mm/huge_memory.c Transparent Hugepage (THP) MADV_HUGEPAGE DoS

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0928.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1042.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110712_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-11-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1281-1.nasl - Type : ACT_GATHER_INFO
2011-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1256-1.nasl - Type : ACT_GATHER_INFO
2011-07-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1167-1.nasl - Type : ACT_GATHER_INFO
2011-07-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0928.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
https://bugzilla.redhat.com/show_bug.cgi?id=714761
https://github.com/torvalds/linux/commit/78f11a255749d09025f54d4e2df4fbcb0315...
MISC http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3...
MLIST http://www.openwall.com/lists/oss-security/2011/06/20/14

Alert History

Date Information
2024-02-02 01:16:21
  • Multiple Updates
2024-02-01 12:04:40
  • Multiple Updates
2023-09-05 12:15:18
  • Multiple Updates
2023-09-05 01:04:32
  • Multiple Updates
2023-09-02 12:15:23
  • Multiple Updates
2023-09-02 01:04:36
  • Multiple Updates
2023-08-12 12:18:34
  • Multiple Updates
2023-08-12 01:04:38
  • Multiple Updates
2023-08-11 12:15:28
  • Multiple Updates
2023-08-11 01:04:45
  • Multiple Updates
2023-08-06 12:14:51
  • Multiple Updates
2023-08-06 01:04:38
  • Multiple Updates
2023-08-04 12:14:56
  • Multiple Updates
2023-08-04 01:04:39
  • Multiple Updates
2023-07-14 12:14:55
  • Multiple Updates
2023-07-14 01:04:36
  • Multiple Updates
2023-03-29 01:16:50
  • Multiple Updates
2023-03-28 12:04:42
  • Multiple Updates
2023-02-13 09:28:32
  • Multiple Updates
2022-10-11 12:13:18
  • Multiple Updates
2022-10-11 01:04:22
  • Multiple Updates
2022-03-11 01:11:00
  • Multiple Updates
2021-05-25 12:08:23
  • Multiple Updates
2021-05-04 12:17:11
  • Multiple Updates
2021-04-22 01:20:19
  • Multiple Updates
2020-08-11 12:06:24
  • Multiple Updates
2020-08-08 01:06:27
  • Multiple Updates
2020-08-07 12:06:34
  • Multiple Updates
2020-08-07 01:06:38
  • Multiple Updates
2020-08-01 09:22:45
  • Multiple Updates
2020-08-01 05:22:42
  • Multiple Updates
2020-07-30 00:22:43
  • Multiple Updates
2020-07-28 00:22:40
  • Multiple Updates
2020-05-23 01:44:47
  • Multiple Updates
2020-05-23 00:28:54
  • Multiple Updates
2019-01-25 12:03:59
  • Multiple Updates
2018-11-17 12:02:31
  • Multiple Updates
2018-10-30 12:04:17
  • Multiple Updates
2016-07-01 11:07:35
  • Multiple Updates
2016-06-29 00:20:55
  • Multiple Updates
2016-06-28 18:42:15
  • Multiple Updates
2016-04-26 20:51:15
  • Multiple Updates
2014-02-17 11:03:15
  • Multiple Updates
2013-05-10 23:02:55
  • Multiple Updates
2013-03-05 00:19:09
  • Multiple Updates
2013-03-04 21:18:50
  • Multiple Updates
2013-03-01 17:19:47
  • First insertion