CVE-2011-0695

Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference.

Published: Mar 15, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-0695
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.7
AV:A/AC:M/Au:N/C:N/I:N/A:C

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	2.6.0	2.6.39.4.x
redhat / enterprise_linux_server	5.0	5.0.x
redhat / enterprise_linux_workstation	5.0	5.0.x
redhat / enterprise_linux_desktop	5.0	5.0.x
redhat / enterprise_linux_server_aus	5.6	5.6.x
redhat / enterprise_linux_eus	5.6	5.6.x
canonical / ubuntu_linux	8.04	8.04.x

http://rhn.redhat.com/errata/RHSA-2011-0927.html
http://secunia.com/advisories/43693
http://www.openwall.com/lists/oss-security/2011/03/11/1
http://www.securityfocus.com/bid/46839
http://www.spinics.net/lists/linux-rdma/msg07447.html
http://www.spinics.net/lists/linux-rdma/msg07448.html
http://www.ubuntu.com/usn/USN-1146-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/66056

Vulnerability Database

289,599

CVE-2011-0695