CVE-2011-0695

Published: 15 March 2011

Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference.

From the Ubuntu security team

Jens Kuehnel discovered that the InfiniBand driver contained a race condition. On systems using InfiniBand, a local attacker could send specially crafted requests to crash the system, leading to a denial of service.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39~rc1)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=29963437a48475036353b95ab142bf199adb909e
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=25ae21a10112875763c18b385624df713a288a05
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39~rc1)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39~rc1)