CVE-2011-1044

Priority
Description
The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in
the Linux kernel before 2.6.37 does not initialize a certain response
buffer, which allows local users to obtain potentially sensitive
information from kernel memory via vectors that cause this buffer to be
only partially filled, a different vulnerability than CVE-2010-4649.
Ubuntu-Description
Dan Carpenter discovered that the Infiniband driver did not correctly
handle certain requests. A local user could exploit this to crash the
system or potentially gain root privileges.
Notes
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
More Information

Updated: 2019-12-05 20:56:43 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)