CVE-2011-3345
OpenFabrics Enterprise Distribution < 1.5.3 - Denial of Service via /proc/net/sdpstats Read
Title source: llmDescription
ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service (stack memory corruption and system crash) by reading the /proc/net/sdpstats file.
References (7)
Core 7
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45861
Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/09/07/1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/09/07/3
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49486
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69631
Various Sources x_refsource_confirm
http://git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git%3Ba=commit%3Bh=04bb801a31825d1559c4670253e1bea1291a1af8
Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/09/06/3
Scores
EPSS
0.0034
EPSS Percentile
26.4%
Details
CWE
CWE-119
Status
published
Products (11)
openfabrics/enterprise_distribution
1.1
openfabrics/enterprise_distribution
1.2.5
openfabrics/enterprise_distribution
1.3
openfabrics/enterprise_distribution
1.3.1
openfabrics/enterprise_distribution
1.3.2
openfabrics/enterprise_distribution
1.4
openfabrics/enterprise_distribution
1.4.1
openfabrics/enterprise_distribution
1.4.2
openfabrics/enterprise_distribution
1.5
openfabrics/enterprise_distribution
1.5.1
... and 1 more
Published
Sep 19, 2011
Tracked Since
Feb 18, 2026