CVE-2011-1745 : Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.

Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.

Published 2011-05-09 19:55:04

Updated 2023-02-13 00:17:11

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2011-1745

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-1745

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2011-1745

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-1745

http://openwall.com/lists/oss-security/2011/04/22/7

oss-security - Re: CVE request: kernel: buffer overflow and DoS issues in agp
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/47534

Linux Kernel 'agp_ioctl()' Local Privilege Escalation Vulnerability
Third Party Advisory;VDB Entry
http://openwall.com/lists/oss-security/2011/04/21/4

oss-security - CVE request: kernel: buffer overflow and DoS issues in agp
Mailing List;Patch

CVEs referencing this url
https://lkml.org/lkml/2011/4/14/293

LKML: Vasiliy Kulikov: [PATCH] char: agp: fix arbitrary kernel memory writes
Patch;Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2011-0927.html

RHSA-2011:0927 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=698996

698996 – (CVE-2011-1745, CVE-2011-2022) CVE-2011-1745 CVE-2011-2022 kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
Issue Tracking;Patch;Third Party Advisory

CVEs referencing this url
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5

404: File not found
Release Notes;Vendor Advisory

CVEs referencing this url
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=194b3da873fd334ef183806db751473512af29ce

Products affected by CVE-2011-1745

Redhat » Enterprise Linux » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 5.6
cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Aus » Version: 5.6
cpe:2.3:o:redhat:enterprise_linux_aus:5.6:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 2.6.38.5
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-1745

Exploit prediction scoring system (EPSS) score for CVE-2011-1745

CVSS scores for CVE-2011-1745

CWE ids for CVE-2011-1745

References for CVE-2011-1745

Products affected by CVE-2011-1745