CVE-2011-3353

Published: 15 December 2011

Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.

From the Ubuntu security team

Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (3.1~rc4)
Patches:
Vendor: https://rhn.redhat.com/errata/RHSA-2011-1465.html
Introduced by 3b463ae0c6264f70e5d4c0a9c46af20fed43c96e
Fixed by c2183d1e9b3f313dd8ba2b1b0197c8d9fb86a7ae
linux-armadaxp
Launchpad, Ubuntu, Debian 		Upstream
Released (3.1~rc4)
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (3.1~rc4)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (3.1~rc4)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (3.1~rc4)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian 		Upstream
Released (3.1~rc4)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian 		Upstream
Released (3.1~rc4)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (3.1~rc4)
linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (3.1~rc4)

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading