Vulnerability Details : CVE-2011-2022
The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-2022
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-2022
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2011-2022
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2022
-
http://openwall.com/lists/oss-security/2011/04/22/7
oss-security - Re: CVE request: kernel: buffer overflow and DoS issues in agpMailing List;Patch;Third Party Advisory
-
http://www.securityfocus.com/bid/47843
Linux Kernel 'agp_ioctl()' Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
http://openwall.com/lists/oss-security/2011/04/21/4
oss-security - CVE request: kernel: buffer overflow and DoS issues in agpMailing List;Patch;Third Party Advisory
-
https://lkml.org/lkml/2011/4/14/293
LKML: Vasiliy Kulikov: [PATCH] char: agp: fix arbitrary kernel memory writesPatch;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2011-0927.html
RHSA-2011:0927 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=698996
698996 – (CVE-2011-1745, CVE-2011-2022) CVE-2011-1745 CVE-2011-2022 kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctlsIssue Tracking;Patch;Third Party Advisory
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=194b3da873fd334ef183806db751473512af29ce
kernel/git/torvalds/linux.git - Linux kernel source treePatch;Vendor Advisory
-
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5
404: File not foundRelease Notes;Vendor Advisory
Products affected by CVE-2011-2022
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_aus:5.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*