CVE-2011-2498
Published: 28 June 2011
The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages.
From the Ubuntu security team
The linux kernel did not properly account for PTE pages when deciding which task to kill in out of memory conditions. A local, unprivileged could exploit this flaw to cause a denial of service.
Priority
Low
CVSS 3 base score: 5.5
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
| lucid |
Not vulnerable
|
|
| maverick |
Not vulnerable
|
|
| natty |
Released
(2.6.38-10.44)
|
|
| oneiric |
Not vulnerable
(2.6.39-1.6)
|
|
| precise |
Not vulnerable
(3.1.0-1.1)
|
|
| upstream |
Released
(2.6.39~rc6)
|
|
|
linux-armadaxp Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Not vulnerable
(3.2.0-1600.1)
|
|
| upstream |
Released
(2.6.39~rc6)
|
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| maverick |
Ignored
(binary supplied by "linux" now)
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc6)
|
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc6)
|
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc6)
|
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(2.6.38-10.44~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc6)
|
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
(3.0.0-5.6~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc6)
|
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| maverick |
Not vulnerable
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(2.6.39~rc6)
|
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| maverick |
Not vulnerable
|
|
| natty |
Released
(2.6.38-1209.22)
|
|
| oneiric |
Not vulnerable
(3.0.0-1200.1)
|
|
| precise |
Not vulnerable
(3.0.0-1401.2)
|
|
| upstream |
Released
(2.6.39~rc6)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2498
- http://git.kernel.org/linus/a63d83f427f
- http://git.kernel.org/linus/f755a042d
- https://ubuntu.com/security/notices/USN-1167-1
- https://ubuntu.com/security/notices/USN-1380-1
- https://ubuntu.com/security/notices/USN-1383-1
- https://ubuntu.com/security/notices/USN-1386-1
- NVD
- Launchpad
- Debian