CVE-2011-3345

OpenFabrics Enterprise Distribution < 1.5.3 - Denial of Service via /proc/net/sdpstats Read

Title source: llm
STIX 2.1

Description

ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service (stack memory corruption and system crash) by reading the /proc/net/sdpstats file.

References (7)

Core 7
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45861
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/09/07/1
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/09/07/3
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49486
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69631
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/09/06/3

Scores

EPSS 0.0034
EPSS Percentile 26.4%

Details

CWE
CWE-119
Status published
Products (11)
openfabrics/enterprise_distribution 1.1
openfabrics/enterprise_distribution 1.2.5
openfabrics/enterprise_distribution 1.3
openfabrics/enterprise_distribution 1.3.1
openfabrics/enterprise_distribution 1.3.2
openfabrics/enterprise_distribution 1.4
openfabrics/enterprise_distribution 1.4.1
openfabrics/enterprise_distribution 1.4.2
openfabrics/enterprise_distribution 1.5
openfabrics/enterprise_distribution 1.5.1
... and 1 more
Published Sep 19, 2011
Tracked Since Feb 18, 2026