CVE-2011-3353
Published: 15 December 2011
Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.
From the Ubuntu Security Team
Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service.
Priority
Status
Package | Release | Status |
---|---|---|
linux (Launchpad, Ubuntu, Debian) | hardy | Not vulnerable |
linux | lucid | Released (2.6.32-35.78) |
linux | maverick | Released (2.6.35-32.65) |
linux | natty | Released (2.6.38-13.55) |
linux | oneiric | Not vulnerable (3.0.0-10.16) |
linux | precise | Not vulnerable (3.1.0-1.1) |
linux | upstream | Released (3.1~rc4) |
linux-armadaxp (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
linux-armadaxp | lucid | Does not exist |
linux-armadaxp | natty | Does not exist |
linux-armadaxp | oneiric | Does not exist |
linux-armadaxp | precise | Not vulnerable (3.2.0-1600.1) |
linux-armadaxp | upstream | Released (3.1~rc4) |
linux-ec2 (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
linux-ec2 | lucid | Released (2.6.32-319.39) |
linux-ec2 | maverick | Ignored (end of life) |
linux-ec2 | natty | Does not exist |
linux-ec2 | oneiric | Does not exist |
linux-ec2 | precise | Does not exist |
linux-ec2 | upstream | Released (3.1~rc4) |
linux-fsl-imx51 (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
linux-fsl-imx51 | lucid | Ignored (end of life) |
linux-fsl-imx51 | maverick | Does not exist |
linux-fsl-imx51 | natty | Does not exist |
linux-fsl-imx51 | oneiric | Does not exist |
linux-fsl-imx51 | precise | Does not exist |
linux-fsl-imx51 | upstream | Released (3.1~rc4) |
linux-lts-backport-maverick (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
linux-lts-backport-maverick | lucid | Released (2.6.35-32.65~lucid1) |
linux-lts-backport-maverick | maverick | Does not exist |
linux-lts-backport-maverick | natty | Does not exist |
linux-lts-backport-maverick | oneiric | Does not exist |
linux-lts-backport-maverick | precise | Does not exist |
linux-lts-backport-maverick | upstream | Released (3.1~rc4) |
linux-lts-backport-natty (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
linux-lts-backport-natty | lucid | Released (2.6.38-13.55~lucid1) |
linux-lts-backport-natty | maverick | Does not exist |
linux-lts-backport-natty | natty | Does not exist |
linux-lts-backport-natty | oneiric | Does not exist |
linux-lts-backport-natty | precise | Does not exist |
linux-lts-backport-natty | upstream | Released (3.1~rc4) |
linux-lts-backport-oneiric (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
linux-lts-backport-oneiric | lucid | Not vulnerable (3.0.0-11.18~lucid1) |
linux-lts-backport-oneiric | maverick | Does not exist |
linux-lts-backport-oneiric | natty | Does not exist |
linux-lts-backport-oneiric | oneiric | Does not exist |
linux-lts-backport-oneiric | precise | Does not exist |
linux-lts-backport-oneiric | upstream | Released (3.1~rc4) |
linux-mvl-dove (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
linux-mvl-dove | lucid | Released (2.6.32-219.37) |
linux-mvl-dove | maverick | Released (2.6.32-419.37) |
linux-mvl-dove | natty | Does not exist |
linux-mvl-dove | oneiric | Does not exist |
linux-mvl-dove | precise | Does not exist |
linux-mvl-dove | upstream | Released (3.1~rc4) |
linux-ti-omap4 (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
linux-ti-omap4 | lucid | Does not exist |
linux-ti-omap4 | maverick | Released (2.6.35-903.29) |
linux-ti-omap4 | natty | Released (2.6.38-1209.20) |
linux-ti-omap4 | oneiric | Not vulnerable (3.0.0-1205.10) |
linux-ti-omap4 | precise | Not vulnerable (3.0.0-1401.2) |
linux-ti-omap4 | upstream | Released (3.1~rc4) |
Patches (linux):
- vendor: https://rhn.redhat.com/errata/RHSA-2011-1465.html
- Introduced by 3b463ae0c6264f70e5d4c0a9c46af20fed43c96e
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3353
- https://ubuntu.com/security/notices/USN-1319-1
- https://ubuntu.com/security/notices/USN-1325-1
- https://ubuntu.com/security/notices/USN-1329-1
- https://ubuntu.com/security/notices/USN-1253-1
- https://ubuntu.com/security/notices/USN-1239-1
- https://ubuntu.com/security/notices/USN-1245-1
- https://ubuntu.com/security/notices/USN-1240-1
- https://ubuntu.com/security/notices/USN-1361-1
- https://ubuntu.com/security/notices/USN-1362-1
- https://ubuntu.com/security/notices/USN-1386-1
- https://ubuntu.com/security/notices/USN-1387-1
- NVD
- Launchpad
- Debian