CVE-2011-4131
Publication date 17 May 2012
Last updated 24 July 2024
Ubuntu priority
The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.
From the Ubuntu Security Team
Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | 14.04 LTS trusty |
Not affected
|
linux-armadaxp | 14.04 LTS trusty | Not in release |
linux-ec2 | 14.04 LTS trusty | Not in release |
linux-flo | 14.04 LTS trusty | Not in release |
linux-fsl-imx51 | 14.04 LTS trusty | Not in release |
linux-goldfish | 14.04 LTS trusty | Not in release |
linux-grouper | 14.04 LTS trusty | Not in release |
linux-lts-backport-maverick | 14.04 LTS trusty | Not in release |
linux-lts-backport-natty | 14.04 LTS trusty | Not in release |
linux-lts-backport-oneiric | 14.04 LTS trusty | Not in release |
linux-lts-quantal | 14.04 LTS trusty | Not in release |
linux-lts-raring | 14.04 LTS trusty | Not in release |
linux-lts-saucy | 14.04 LTS trusty | Not in release |
linux-lts-trusty | 14.04 LTS trusty | Not in release |
linux-maguro | 14.04 LTS trusty | Not in release |
linux-mako | 14.04 LTS trusty | Not in release |
linux-manta | 14.04 LTS trusty | Not in release |
linux-mvl-dove | 14.04 LTS trusty | Not in release |
linux-ti-omap4 | 14.04 LTS trusty | Not in release |
Notes
jdstrand
e5012d1f3861d18c7f3814e757c1c3ab3741dbcd is incomplete http://www.spinics.net/lists/linux-nfs/msg25288.html is proposed patch
apw
http://www.spinics.net/lists/linux-nfs/msg25746.html implies the proposed patch needs further work, awaiting resubmission http://www.spinics.net/lists/linux-nfs/msg26023.html looks to be the fixed patch, waiting on feedback now upstream as bf118a342f10dafe44b14451a1392c3254629a1f
jj
removed original incomplete e5012d1f3861d18c7f3814e757c1c3ab3741dbcd as breakfix
jdstrand
too intrusive to backport. Requires connecting to malicious NFS v4 server
References
Related Ubuntu Security Notices (USN)
- USN-1457-1
- Linux kernel vulnerabilities
- 31 May 2012
- USN-1476-1
- Linux kernel (OMAP4) vulnerabilities
- 15 June 2012
- USN-1470-1
- Linux kernel (Natty backport) vulnerabilities
- 12 June 2012
- USN-1472-1
- Linux kernel vulnerabilities
- 12 June 2012
- USN-1471-1
- Linux kernel (Oneiric backport) vulnerabilities
- 12 June 2012
- USN-1530-1
- Linux kernel (OMAP4) vulnerabilities
- 10 August 2012