CVE-2011-1163
Linux Kernel < 2.6.38 - Information Disclosure via OSF Partition Table Parsing
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.
References (14)
Core References
Patch x_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.spinics.net/lists/mm-commits/msg82737.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46878
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=688021
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8189
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1025225
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/15/14
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2011-0833.html
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/15/9
Third Party Advisory x_refsource_misc
http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt
Third Party Advisory x_refsource_confirm
http://downloads.avaya.com/css/P8/documents/100145416
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/517050
Broken Link x_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
Scores
EPSS
0.0011
EPSS Percentile
28.6%
Details
CWE
CWE-20
Status
published
Products (10)
linux/linux_kernel
< 2.6.38
redhat/enterprise_linux_desktop
5.0
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_eus
5.6
redhat/enterprise_linux_server
5.0
redhat/enterprise_linux_server
6.0
redhat/enterprise_linux_server_aus
5.6
redhat/enterprise_linux_workstation
5.0
redhat/enterprise_linux_workstation
6.0
suse/linux_enterprise_server
10 sp4
Published
Apr 10, 2011
Tracked Since
Feb 18, 2026