drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 00:17
Type | Values Removed | Values Added |
---|---|---|
Summary | drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions. | |
References |
|
02 Feb 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows | |
References |
|
Information
Published : 2011-05-03 19:55
Updated : 2023-12-10 11:03
NVD link : CVE-2011-1495
Mitre link : CVE-2011-1495
CVE.ORG link : CVE-2011-1495
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-20
Improper Input Validation