Vulnerability-Lookup

CVE-2011-1478 (GCVE-0-2011-1478)

Vulnerability from cvelistv5 – Published: 2011-10-23 10:00 – Updated: 2024-08-06 22:28

Summary

The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

GHSA-XPMH-V8J6-G4HX

Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1478"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-10-23T10:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame.",
  "id": "GHSA-xpmh-v8j6-g4hx",
  "modified": "2022-05-13T01:24:44Z",
  "published": "2022-05-13T01:24:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1478"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=691270"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=66c46d741e2e60f0e8b625b80edb0ab820c46d7a"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6d152e23ad1a7a5b40fef1f42e017d66e6115159"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=66c46d741e2e60f0e8b625b80edb0ab820c46d7a"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6d152e23ad1a7a5b40fef1f42e017d66e6115159"
    },
    {
      "type": "WEB",
      "url": "http://mirror.anl.gov/pub/linux/kernel/v2.6/ChangeLog-2.6.38"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/28/1"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8480"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2011-1478

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-1478

Aliases

CVE-2011-1478

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1478",
    "description": "The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame.",
    "id": "GSD-2011-1478",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-1478.html",
      "https://www.debian.org/security/2011/dsa-2240",
      "https://access.redhat.com/errata/RHSA-2011:1253",
      "https://access.redhat.com/errata/RHSA-2011:0439",
      "https://access.redhat.com/errata/RHSA-2011:0429",
      "https://access.redhat.com/errata/RHSA-2011:0421",
      "https://linux.oracle.com/cve/CVE-2011-1478.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1478"
      ],
      "details": "The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame.",
      "id": "GSD-2011-1478",
      "modified": "2023-12-13T01:19:07.576187Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-1478",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://secunia.com/advisories/46397",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/46397"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/520102/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
            "refsource": "MISC",
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
          },
          {
            "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=66c46d741e2e60f0e8b625b80edb0ab820c46d7a",
            "refsource": "MISC",
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=66c46d741e2e60f0e8b625b80edb0ab820c46d7a"
          },
          {
            "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6d152e23ad1a7a5b40fef1f42e017d66e6115159",
            "refsource": "MISC",
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6d152e23ad1a7a5b40fef1f42e017d66e6115159"
          },
          {
            "name": "http://mirror.anl.gov/pub/linux/kernel/v2.6/ChangeLog-2.6.38",
            "refsource": "MISC",
            "url": "http://mirror.anl.gov/pub/linux/kernel/v2.6/ChangeLog-2.6.38"
          },
          {
            "name": "http://openwall.com/lists/oss-security/2011/03/28/1",
            "refsource": "MISC",
            "url": "http://openwall.com/lists/oss-security/2011/03/28/1"
          },
          {
            "name": "http://securityreason.com/securityalert/8480",
            "refsource": "MISC",
            "url": "http://securityreason.com/securityalert/8480"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=691270",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=691270"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.6.38",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-1478"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mirror.anl.gov/pub/linux/kernel/v2.6/ChangeLog-2.6.38",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "http://mirror.anl.gov/pub/linux/kernel/v2.6/ChangeLog-2.6.38"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=691270",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=691270"
            },
            {
              "name": "46397",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/46397"
            },
            {
              "name": "[oss-security] 20110328 CVE-2011-1478 kernel: gro: reset dev and skb_iff on skb reuse",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/28/1"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
            },
            {
              "name": "8480",
              "refsource": "SREASON",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://securityreason.com/securityalert/8480"
            },
            {
              "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6d152e23ad1a7a5b40fef1f42e017d66e6115159",
              "refsource": "MISC",
              "tags": [],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6d152e23ad1a7a5b40fef1f42e017d66e6115159"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=66c46d741e2e60f0e8b625b80edb0ab820c46d7a",
              "refsource": "MISC",
              "tags": [],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=66c46d741e2e60f0e8b625b80edb0ab820c46d7a"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.7,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 5.5,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T04:29Z",
      "publishedDate": "2011-10-23T10:55Z"
    }
  }
}

CERTA-2011-AVI-571

Vulnerability from certfr_avis - Published: 2011-10-18 - Updated: 2011-10-18

De nombreuses vulnérabilités présentes dans des bibliothèques tierces parties utilisées par VMWare ESX et VMWare ESXi ont été corrigées.

Description

VMWare a corrigé un nombre conséquent de vulnérabilités dans des bibliothèques tierces utilisées par VMWare ESX et VMWare ESXi.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	ESXi	VMWare ESXi 4.0.
	VMware	ESXi	VMWare ESX 4.0 ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMWare WMSA-2011-0012 du 12 octobre 2011	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2011-0012 du 12 octobre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMWare ESXi 4.0.",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare ESX 4.0 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nVMWare a corrig\u00e9 un nombre cons\u00e9quent de vuln\u00e9rabilit\u00e9s dans des\nbiblioth\u00e8ques tierces utilis\u00e9es par VMWare ESX et VMWare ESXi.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-1083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1083"
    },
    {
      "name": "CVE-2011-1010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1010"
    },
    {
      "name": "CVE-2010-4346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4346"
    },
    {
      "name": "CVE-2010-3477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3477"
    },
    {
      "name": "CVE-2010-4263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4263"
    },
    {
      "name": "CVE-2010-3859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3859"
    },
    {
      "name": "CVE-2011-1494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1494"
    },
    {
      "name": "CVE-2010-4255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4255"
    },
    {
      "name": "CVE-2010-2938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2938"
    },
    {
      "name": "CVE-2010-4072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4072"
    },
    {
      "name": "CVE-2010-4655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4655"
    },
    {
      "name": "CVE-2010-3865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3865"
    },
    {
      "name": "CVE-2010-4343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4343"
    },
    {
      "name": "CVE-2010-3877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3877"
    },
    {
      "name": "CVE-2011-1659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1659"
    },
    {
      "name": "CVE-2010-4526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4526"
    },
    {
      "name": "CVE-2010-0296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0296"
    },
    {
      "name": "CVE-2010-4249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4249"
    },
    {
      "name": "CVE-2010-4251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4251"
    },
    {
      "name": "CVE-2010-3086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3086"
    },
    {
      "name": "CVE-2011-0282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0282"
    },
    {
      "name": "CVE-2011-1090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1090"
    },
    {
      "name": "CVE-2010-3442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3442"
    },
    {
      "name": "CVE-2010-4161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4161"
    },
    {
      "name": "CVE-2010-3015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3015"
    },
    {
      "name": "CVE-2011-1478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1478"
    },
    {
      "name": "CVE-2010-4157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4157"
    },
    {
      "name": "CVE-2011-0536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0536"
    },
    {
      "name": "CVE-2010-3699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3699"
    },
    {
      "name": "CVE-2010-3066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3066"
    },
    {
      "name": "CVE-2010-3067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3067"
    },
    {
      "name": "CVE-2010-4248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4248"
    },
    {
      "name": "CVE-2010-2942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2942"
    },
    {
      "name": "CVE-2010-4243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4243"
    },
    {
      "name": "CVE-2011-1658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1658"
    },
    {
      "name": "CVE-2010-3880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3880"
    },
    {
      "name": "CVE-2010-3858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3858"
    },
    {
      "name": "CVE-2010-3904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3904"
    },
    {
      "name": "CVE-2010-4247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4247"
    },
    {
      "name": "CVE-2010-3296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3296"
    },
    {
      "name": "CVE-2010-3078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3078"
    },
    {
      "name": "CVE-2010-4073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4073"
    },
    {
      "name": "CVE-2011-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1071"
    },
    {
      "name": "CVE-2010-1323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1323"
    },
    {
      "name": "CVE-2011-0521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0521"
    },
    {
      "name": "CVE-2010-4075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4075"
    },
    {
      "name": "CVE-2010-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4083"
    },
    {
      "name": "CVE-2011-0281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0281"
    },
    {
      "name": "CVE-2010-4081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4081"
    },
    {
      "name": "CVE-2010-2492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2492"
    },
    {
      "name": "CVE-2010-3876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3876"
    },
    {
      "name": "CVE-2011-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1095"
    },
    {
      "name": "CVE-2010-4080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4080"
    },
    {
      "name": "CVE-2010-4238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4238"
    },
    {
      "name": "CVE-2010-4242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4242"
    },
    {
      "name": "CVE-2010-2798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2798"
    },
    {
      "name": "CVE-2011-0710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0710"
    },
    {
      "name": "CVE-2010-4158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4158"
    },
    {
      "name": "CVE-2010-3432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3432"
    },
    {
      "name": "CVE-2010-2943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2943"
    },
    {
      "name": "CVE-2011-1495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1495"
    }
  ],
  "initial_release_date": "2011-10-18T00:00:00",
  "last_revision_date": "2011-10-18T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2011-0012 du 12 octobre    2011 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    }
  ],
  "reference": "CERTA-2011-AVI-571",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-10-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans des biblioth\u00e8ques tierces\nparties utilis\u00e9es par \u003cspan class=\"textit\"\u003eVMWare ESX\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eVMWare ESXi\u003c/span\u003e ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans VMWare ESX et ESXi",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare WMSA-2011-0012 du 12 octobre 2011",
      "url": null
    }
  ]
}

FKIE_CVE-2011-1478

Vulnerability from fkie_nvd - Published: 2011-10-23 10:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=66c46d741e2e60f0e8b625b80edb0ab820c46d7a
secalert@redhat.com	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6d152e23ad1a7a5b40fef1f42e017d66e6115159
secalert@redhat.com	http://mirror.anl.gov/pub/linux/kernel/v2.6/ChangeLog-2.6.38	Broken Link
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/03/28/1	Mailing List, Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/46397	Third Party Advisory
secalert@redhat.com	http://securityreason.com/securityalert/8480	Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/520102/100/0/threaded	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2011-0012.html	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=691270	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=66c46d741e2e60f0e8b625b80edb0ab820c46d7a
af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6d152e23ad1a7a5b40fef1f42e017d66e6115159
af854a3a-2127-422b-91ae-364da2661108	http://mirror.anl.gov/pub/linux/kernel/v2.6/ChangeLog-2.6.38	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/28/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/46397	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8480	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/520102/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2011-0012.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=691270	Issue Tracking, Third Party Advisory

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9988A98F-3440-467E-8ADA-1E413DC25C21",
              "versionEndExcluding": "2.6.38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n napi_reuse_skb de net/core/dev.c en la implementaci\u00f3n  Generic Receive Offload (GRO) en el kernel de Linux anteriores a v2.6.38 no restablece los valores de algunos miembros de la estructura, lo que podr\u00eda permitir a atacantes remotos provocar una denegaci\u00f3n de servicio (puntero a NULL) a trav\u00e9s de una manupulaci\u00f3n de una trama VLAN."
    }
  ],
  "id": "CVE-2011-1478",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 5.7,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 5.5,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-10-23T10:55:02.953",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=66c46d741e2e60f0e8b625b80edb0ab820c46d7a"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6d152e23ad1a7a5b40fef1f42e017d66e6115159"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://mirror.anl.gov/pub/linux/kernel/v2.6/ChangeLog-2.6.38"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/28/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/8480"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=691270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=66c46d741e2e60f0e8b625b80edb0ab820c46d7a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6d152e23ad1a7a5b40fef1f42e017d66e6115159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://mirror.anl.gov/pub/linux/kernel/v2.6/ChangeLog-2.6.38"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/28/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/8480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=691270"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1478 (GCVE-0-2011-1478)

GHSA-XPMH-V8J6-G4HX

GSD-2011-1478

CERTA-2011-AVI-571

Description

Solution

FKIE_CVE-2011-1478

Tags

Sightings

Nomenclature