CVE-2011-4611: Integer Overflow
First published: Thu Dec 15 2011(Updated: )
A PMC is 32 bits (ie an int). Since we pass it around as an unsigned long, we need to cast it before doing the comparison. This does not affect the upstream kernel as it is already fixed. This is an issue that was introduced in <a class="bz_bug_link bz_secure " title="" href="show_bug.cgi?id=720743">bug 720743</a>. Upstream commit: <a href="http://git.kernel.org/linus/0837e3242c73566fc1c0196b4ec61779c25ffc93">http://git.kernel.org/linus/0837e3242c73566fc1c0196b4ec61779c25ffc93</a> Acknowledgements: Red Hat would like to thank Maynard Johnson for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux-2.6 | ||
| Linux kernel | <2.6.39 | |
| Linux Kernel | <2.6.39 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/torvalds/linux/commit/0837e3242c73566fc1c0196b4ec61779c25ffc93
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
- https://bugzilla.redhat.com/show_bug.cgi?id=767914
- http://www.openwall.com/lists/oss-security/2011/12/15/2
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0837e3242c73566fc1c0196b4ec61779c25ffc93
- https://launchpad.net/bugs/cve/CVE-2011-4611
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=720743
- http://git.kernel.org/linus/0837e3242c73566fc1c0196b4ec61779c25ffc93
- https://access.redhat.com/security/cve/CVE-2011-4611
- http://seclists.org/oss-sec/2011/q4/504
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=782688
- https://rhn.redhat.com/errata/RHSA-2012-0350.html
- https://security-tracker.debian.org/tracker/CVE-2011-4611
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4611
- https://nvd.nist.gov/vuln/detail/CVE-2011-4611
- https://ubuntu.com/security/CVE-2011-4611
Frequently Asked Questions
What is the severity of CVE-2011-4611?
CVE-2011-4611 is considered a low severity vulnerability as it does not affect the upstream kernel which has already been fixed.
How do I fix CVE-2011-4611?
To fix CVE-2011-4611, update the Linux kernel to version 2.6.39 or later.
Which versions of Linux are affected by CVE-2011-4611?
CVE-2011-4611 affects Linux Kernel versions prior to 2.6.39.
Is CVE-2011-4611 still a concern for users of the latest Linux distributions?
No, users of the latest Linux distributions are not affected since the vulnerability has already been fixed upstream.
What type of issue is CVE-2011-4611?
CVE-2011-4611 is primarily a type casting issue related to the handling of the process management context (PMC) in the kernel.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-4611
- agent/author
- agent/weakness
- agent/severity
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- package-manager/debian
- vendor/linux
- canonical/linux kernel