SB2011050901 - Multiple vulnerabilities in Linux kernel
Published: May 9, 2011 Updated: August 11, 2020
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Integer overflow (CVE-ID: CVE-2011-1745)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.
2) Input validation error (CVE-ID: CVE-2011-1746)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages.
3) Resource management error (CVE-ID: CVE-2011-1747)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not properly restrict memory allocation by the (1) AGPIOC_RESERVE and (2) AGPIOC_ALLOCATE ioctls, which allows local users to cause a denial of service (memory consumption) by making many calls to these ioctls.
4) Input validation error (CVE-ID: CVE-2011-2022)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745.
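The bug classes described in items 1, 2 and 4, shown as an added example that is not code from the kernel or from this bulletin: an offset-plus-count range check and a count-times-size allocation, each in a wrapping form and an overflow-safe form. This is a user-space model; all function names and sample values are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model of the bug class; names are hypothetical, not kernel code. */

/* Flawed range check: off + count can wrap around, so a huge off passes. */
static bool range_ok_wrapping(size_t off, size_t count, size_t num_entries)
{
    return off + count <= num_entries;
}

/* Hardened range check: never forms off + count, so nothing can wrap. */
static bool range_ok_checked(size_t off, size_t count, size_t num_entries)
{
    return off <= num_entries && count <= num_entries - off;
}

/* Flawed size computation: count * elem can wrap to a tiny byte count. */
static size_t table_bytes_wrapping(size_t count, size_t elem)
{
    return count * elem;
}

/* Hardened size computation: refuse counts whose byte size is unrepresentable. */
static bool table_bytes_checked(size_t count, size_t elem, size_t *out)
{
    if (elem != 0 && count > SIZE_MAX / elem)
        return false;
    *out = count * elem;
    return true;
}

int main(void)
{
    size_t entries = 1024;                      /* constructed table size */
    size_t off = SIZE_MAX - 3, count = 8;       /* constructed out-of-range request */
    size_t pages = SIZE_MAX / 8 + 2, bytes = 0; /* constructed page count */

    printf("wrapping range check accepts: %d\n", range_ok_wrapping(off, count, entries));
    printf("checked range check accepts:  %d\n", range_ok_checked(off, count, entries));
    printf("wrapping size: %zu bytes\n", table_bytes_wrapping(pages, 8));
    printf("checked size accepted: %d\n", table_bytes_checked(pages, 8, &bytes));
    return 0;
}
```

The same overflow-safe comparison applies to any ioctl handler that takes a start index and a length from user space, on both the bind and the unbind path.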
Remediation
Install update from vendor's website.