CVE-2011-3363

MEDIUM

Linux Kernel < 2.6.39 - Denial of Service via CIFS DFS Referral Handling

Title source: llm
STIX 2.1

Description

The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.

References (5)

Core 5
Core References
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/09/14/12
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=738291

Scores

CVSS v3 6.5
EPSS 0.0084
EPSS Percentile 53.5%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (2)
linux/linux_kernel < 2.6.39
redhat/enterprise_linux 4.0
Published May 24, 2012
Tracked Since Feb 18, 2026