CVE-2011-3353
Published: 15 December 2011
Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.
From the Ubuntu security team
Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service.
Priority
Low
CVSS 3 base score: 5.5
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
| lucid |
Released
(2.6.32-35.78)
|
|
| maverick |
Released
(2.6.35-32.65)
|
|
| natty |
Released
(2.6.38-13.55)
|
|
| oneiric |
Not vulnerable
(3.0.0-10.16)
|
|
| precise |
Not vulnerable
(3.1.0-1.1)
|
|
| upstream |
Released
(3.1~rc4)
|
|
|
Patches: vendor: https://rhn.redhat.com/errata/RHSA-2011-1465.html Introduced by 3b463ae0c6264f70e5d4c0a9c46af20fed43c96e |
||
|
linux-armadaxp Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Not vulnerable
(3.2.0-1600.1)
|
|
| upstream |
Released
(3.1~rc4)
|
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(2.6.32-319.39)
|
|
| maverick |
Ignored
(binary supplied by "linux" now)
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(3.1~rc4)
|
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Ignored
(reached end-of-life)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(3.1~rc4)
|
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(2.6.35-32.65~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(3.1~rc4)
|
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(2.6.38-13.55~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(3.1~rc4)
|
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
(3.0.0-11.18~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(3.1~rc4)
|
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(2.6.32-219.37)
|
|
| maverick |
Released
(2.6.32-419.37)
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Released
(3.1~rc4)
|
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| maverick |
Released
(2.6.35-903.29)
|
|
| natty |
Released
(2.6.38-1209.20)
|
|
| oneiric |
Not vulnerable
(3.0.0-1205.10)
|
|
| precise |
Not vulnerable
(3.0.0-1401.2)
|
|
| upstream |
Released
(3.1~rc4)
|
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3353
- https://ubuntu.com/security/notices/USN-1319-1
- https://ubuntu.com/security/notices/USN-1325-1
- https://ubuntu.com/security/notices/USN-1329-1
- https://ubuntu.com/security/notices/USN-1253-1
- https://ubuntu.com/security/notices/USN-1239-1
- https://ubuntu.com/security/notices/USN-1245-1
- https://ubuntu.com/security/notices/USN-1240-1
- https://ubuntu.com/security/notices/USN-1361-1
- https://ubuntu.com/security/notices/USN-1362-1
- https://ubuntu.com/security/notices/USN-1386-1
- https://ubuntu.com/security/notices/USN-1387-1
- NVD
- Launchpad
- Debian