CVE-2011-3345

Publication date 19 September 2011

Last updated 24 July 2024

ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service (stack memory corruption and system crash) by reading the /proc/net/sdpstats file.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Not affected
linux-ec2	11.04 natty	Not in release
	10.10 maverick	Ignored end of life
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Not in release
linux-fsl-imx51	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Not in release
linux-lts-backport-maverick	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Not in release
linux-lts-backport-natty	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Not in release
linux-mvl-dove	11.04 natty	Not in release
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Not in release
linux-ti-omap4	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux	Other: http://git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git;a=commit;h=04bb801a31825d1559c4670253e1bea1291a1af8

References

Other references

https://www.cve.org/CVERecord?id=CVE-2011-3345