CVE-2011-4131

Published: 17 May 2012

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.

From the Ubuntu security team

Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service.

Priority

Medium

Status

| Package | Release | Status |
|---|---|---|
| linux | Upstream | Released (3.3~rc1) |
| linux | Ubuntu 14.04 ESM (Trusty Tahr) | Not vulnerable (3.11.0-12.19) |
| linux-armadaxp | Upstream | Released (3.3~rc1) |
| linux-armadaxp | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |
| linux-ec2 | Upstream | Released (3.3~rc1) |
| linux-ec2 | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |
| linux-flo | Upstream | Released (3.3~rc1) |
| linux-flo | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was not-affected [3.4.0-1.3]) |
| linux-fsl-imx51 | Upstream | Released (3.3~rc1) |
| linux-fsl-imx51 | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |
| linux-goldfish | Upstream | Released (3.3~rc1) |
| linux-goldfish | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was not-affected [3.4.0-1.9]) |
| linux-grouper | Upstream | Released (3.3~rc1) |
| linux-grouper | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was ignored [see note]) |
| linux-lts-backport-maverick | Upstream | Released (3.3~rc1) |
| linux-lts-backport-maverick | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |
| linux-lts-backport-natty | Upstream | Released (3.3~rc1) |
| linux-lts-backport-natty | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |
| linux-lts-backport-oneiric | Upstream | Released (3.3~rc1) |
| linux-lts-backport-oneiric | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |
| linux-lts-quantal | Upstream | Released (3.3~rc1) |
| linux-lts-quantal | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |
| linux-lts-raring | Upstream | Released (3.3~rc1) |
| linux-lts-raring | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |
| linux-lts-saucy | Upstream | Released (3.3~rc1) |
| linux-lts-saucy | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |
| linux-lts-trusty | Upstream | Released (3.3~rc1) |
| linux-lts-trusty | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |
| linux-maguro | Upstream | Released (3.3~rc1) |
| linux-maguro | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was ignored [see note]) |
| linux-mako | Upstream | Released (3.3~rc1) |
| linux-mako | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was not-affected [3.4.0-3.21]) |
| linux-manta | Upstream | Released (3.3~rc1) |
| linux-manta | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was not-affected [3.4.0-4.19]) |
| linux-mvl-dove | Upstream | Released (3.3~rc1) |
| linux-mvl-dove | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |
| linux-ti-omap4 | Upstream | Released (3.3~rc1) |
| linux-ti-omap4 | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |

Patches (linux):
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by bf118a342f10dafe44b14451a1392c3254629a1f

Notes

| Author | Note |
|---|---|
| jdstrand | e5012d1f3861d18c7f3814e757c1c3ab3741dbcd is incomplete |
| jdstrand | http://www.spinics.net/lists/linux-nfs/msg25288.html is proposed patch |
| apw | http://www.spinics.net/lists/linux-nfs/msg25746.html implies the proposed patch needs further work, awaiting resubmission |
| apw | http://www.spinics.net/lists/linux-nfs/msg26023.html looks to be the fixed patch, waiting on feedback |
| apw | now upstream as bf118a342f10dafe44b14451a1392c3254629a1f |
| jj | removed original incomplete e5012d1f3861d18c7f3814e757c1c3ab3741dbcd as breakfix |
| jdstrand | too intrusive to backport. Requires connecting to malicious NFS v4 server |
