CVE-2011-4077

Linux Kernel 2.6.12-3.0.10 - Buffer Overflow in xfs_readlink

Title source: llm
STIX 2.1

Description

Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.

References (7)

Core 7
Core References
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/10/26/1
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=749156
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/10/26/3
Patch, Third Party Advisory mailing-list x_refsource_mlist
http://oss.sgi.com/archives/xfs/2011-10/msg00345.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48964
Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=139447903326211&w=2

Scores

EPSS 0.0056
EPSS Percentile 42.5%

Details

CWE
CWE-119
Status published
Products (1)
linux/linux_kernel 2.6.12 - 3.0.11
Published Jan 27, 2012
Tracked Since Feb 18, 2026