CVE-2011-3637

Published: 12 January 2012

The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.

From the Ubuntu Security Team

A flaw was found in the Linux kernel's /proc/*/*map* interface. A local, unprivileged user could exploit this flaw to cause a denial of service.

Priority

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	hardy	Not vulnerable
	lucid	Released (2.6.32-34.74)
	maverick	Released (2.6.35-30.58)
	natty	Released (2.6.38-11.49)
	oneiric	Not vulnerable (2.6.39-0.1)
	precise	Not vulnerable (3.1.0-1.1)
	quantal	Not vulnerable (3.1.0-1.0)
	upstream	Released (2.6.39~rc1)
	Patches: Introduced by ec6fd8a4355cda81cd9f06bebc048e83eb514ac7 Fixed by 76597cd31470fa130784c78fadb4dab2e624a723
linux-armadaxp Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	precise	Not vulnerable (3.2.0-1600.1)
	quantal	Not vulnerable (3.2.0-1602.5)
	upstream	Released (2.6.39~rc1)
linux-ec2 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (2.6.32-318.37)
	maverick	Ignored (end of life)
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	upstream	Released (2.6.39~rc1)
linux-fsl-imx51 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (2.6.31-610.28)
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	upstream	Released (2.6.39~rc1)
linux-lts-backport-maverick Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (2.6.35-30.58~lucid1)
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	upstream	Released (2.6.39~rc1)
linux-lts-backport-natty Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (2.6.38-11.49~lucid1)
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	upstream	Released (2.6.39~rc1)
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Not vulnerable (3.0.0-5.6~lucid1)
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	upstream	Released (2.6.39~rc1)
linux-mvl-dove Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (2.6.32-218.35)
	maverick	Released (2.6.32-418.35)
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	upstream	Released (2.6.39~rc1)
linux-ti-omap4 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	maverick	Released (2.6.35-903.24)
	natty	Released (2.6.38-1209.15)
	oneiric	Not vulnerable (3.0.0-1200.1)
	precise	Not vulnerable (3.0.0-1401.2)
	quantal	Not vulnerable (3.0.0-1401.2)
	upstream	Released (2.6.39~rc1)

Severity score breakdown

Parameter	Value
Base score	5.5
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›