Vulnerability Details : CVE-2011-2695
Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.
Vulnerability category: Denial of service
Threat overview for CVE-2011-2695
Top countries where our scanners detected CVE-2011-2695
Top open port discovered on systems with this issue: 49152
IPs affected by CVE-2011-2695: 67
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2011-2695
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~6%
CVSS scores for CVE-2011-2695
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | NIST |
CWE ids for CVE-2011-2695
- A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2695
- http://www.openwall.com/lists/oss-security/2011/07/15/7
  oss-security - CVE Request -- kernel: ext4: kernel panic when writing data to the last block of sparse file (Mailing List; Third Party Advisory)
- http://www.spinics.net/lists/linux-ext4/msg25697.html
  [PATCH 1/2] ext4: Fix max file size and logical block counting of extent format file (Linux Ext4) (Exploit; Patch; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=722557
  722557 – (CVE-2011-2695) CVE-2011-2695 kernel: ext4: kernel panic when writing data to the last block of sparse file (Issue Tracking; Patch; Third Party Advisory)
- http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc5
  404: File not found (Broken Link)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f17722f917b2f21497deb6edc62fb1683daa08e6
- http://www.openwall.com/lists/oss-security/2011/07/15/8
  oss-security - Re: CVE Request -- kernel: ext4: kernel panic when writing data to the last block of sparse file (Mailing List; Third Party Advisory)
Products affected by CVE-2011-2695
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.0:-:*:*:*:*:*:*