2.1 CVE-2011-2210
Exploit Patch Ransomware Risk
The osf_getsysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform does not properly restrict the data size for GSI_GET_HWRPB operations, which allows local users to obtain sensitive information from kernel memory via a crafted call.
https://nvd.nist.gov/vuln/detail/CVE-2011-2210
Categories
CWE-264
References
CONFIRM Patch Exploit
http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.4 |
https://github.com/torvalds/linux/commit/21c5977a836e399fc710ff2c5367845ed5c2527f Exploit Patch |
MISC
_MLIST
CPE
cpe | start | end |
---|---|---|
Configuration 1 | ||
cpe:2.3:o:linux:linux_kernel:2.6.39:rc7:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.39:rc6:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.39:rc4:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.39.1:*:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.39:rc1:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.39:rc3:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | <= 2.6.39.3 | |
cpe:2.3:o:linux:linux_kernel:2.6.39:*:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.39:rc2:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.39.2:*:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.39:rc5:*:*:*:*:*:* |
REMEDIATION
Patch
Url |
---|
https://github.com/torvalds/linux/commit/21c5977a836e399fc710ff2c5367845ed5c2527f |
EXPLOITS
Exploit-db.com
id | description | date | |
---|---|---|---|
No known exploits |
Other (github, ...)
Url |
---|
https://github.com/torvalds/linux/commit/21c5977a836e399fc710ff2c5367845ed5c2527f |
CAPEC
Common Attack Pattern Enumerations and Classifications
id | description | severity |
---|---|---|
No entry |
MITRE
Sherlock® flash
Take a picture of your computer network in a few clicks !
The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.
