CVE-2011-0695

Published: 15 March 2011

Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference.

From the Ubuntu security team

Jens Kuehnel discovered that the InfiniBand driver contained a race condition. On systems using InfiniBand, a local attacker could send specially crafted requests to crash the system, leading to a denial of service.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc1)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=29963437a48475036353b95ab142bf199adb909e
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=25ae21a10112875763c18b385624df713a288a05
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc1)
linux-source-2.6.15
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc1)

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading