CVE-2011-3191

HIGH

Linux Kernel < 3.1 - Memory Corruption via CIFSFindNext Integer Signedness Error

Title source: llm
STIX 2.1

Description

Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.

References (5)

Core 5
Core References
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/08/24/2
Mailing List, Patch, Vendor Advisory x_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=732869

Scores

CVSS v3 8.8
EPSS 0.0108
EPSS Percentile 61.1%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (2)
linux/linux_kernel < 3.0.5
redhat/enterprise_linux 4.0
Published May 24, 2012
Tracked Since Feb 18, 2026