CVE-2011-3353
Published: 15 December 2011
Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.
From the Ubuntu security team
Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service.
Priority
Low
CVSS 3 base score: 5.5
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.1~rc4)
|
|
Patches: Vendor: https://rhn.redhat.com/errata/RHSA-2011-1465.html Introduced by 3b463ae0c6264f70e5d4c0a9c46af20fed43c96e Fixed by c2183d1e9b3f313dd8ba2b1b0197c8d9fb86a7ae |
||
|
linux-armadaxp Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.1~rc4)
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.1~rc4)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.1~rc4)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.1~rc4)
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.1~rc4)
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.1~rc4)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.1~rc4)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.1~rc4)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3353
- https://usn.ubuntu.com/usn/usn-1319-1
- https://usn.ubuntu.com/usn/usn-1325-1
- https://usn.ubuntu.com/usn/usn-1329-1
- https://usn.ubuntu.com/usn/usn-1253-1
- https://usn.ubuntu.com/usn/usn-1239-1
- https://usn.ubuntu.com/usn/usn-1245-1
- https://usn.ubuntu.com/usn/usn-1240-1
- https://usn.ubuntu.com/usn/usn-1361-1
- https://usn.ubuntu.com/usn/usn-1362-1
- https://usn.ubuntu.com/usn/usn-1386-1
- https://usn.ubuntu.com/usn/usn-1387-1
- NVD
- Launchpad
- Debian