CVE-2011-4077
Linux Kernel 2.6.12-3.0.10 - Buffer Overflow in xfs_readlink
Title source: llmDescription
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.
References (7)
Core 7
Core References
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/10/26/1
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=749156
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/10/26/3
Exploit, Third Party Advisory x_refsource_misc
http://xorl.wordpress.com/2011/12/07/cve-2011-4077-linux-kernel-xfs-readlink-memory-corruption/
Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://oss.sgi.com/archives/xfs/2011-10/msg00345.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48964
Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=139447903326211&w=2
Scores
EPSS
0.0056
EPSS Percentile
42.5%
Details
CWE
CWE-119
Status
published
Products (1)
linux/linux_kernel
2.6.12 - 3.0.11
Published
Jan 27, 2012
Tracked Since
Feb 18, 2026