Unrated severityNVD Advisory· Published Jun 13, 2012· Updated Apr 29, 2026
CVE-2011-2182
CVE-2011-2182
Description
The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel before 2.6.39.1 does not properly handle memory allocation for non-initial fragments, which might allow local users to conduct buffer overflow attacks, and gain privileges or obtain sensitive information, via a crafted LDM partition table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1017.
Affected products
8cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <=2.6.39
- cpe:2.3:o:linux:linux_kernel:2.6.39:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.39:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.39:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.39:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.39:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.39:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.39:rc7:*:*:*:*:*:*
Patches
1cae13fe4cc3fFix for buffer overflow in ldm_frag_add not sufficient
1 file changed · +5 −0
fs/partitions/ldm.c+5 −0 modified@@ -1335,6 +1335,11 @@ static bool ldm_frag_add (const u8 *data, int size, struct list_head *frags) list_add_tail (&f->list, frags); found: + if (rec >= f->num) { + ldm_error("REC value (%d) exceeds NUM value (%d)", rec, f->num); + return false; + } + if (f->map & (1 << rec)) { ldm_error ("Duplicate VBLK, part %d.", rec); f->map &= 0x7F; /* Mark the group as broken */
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6News mentions
0No linked articles in our index yet.