Medium severity5.5NVD Advisory· Published May 24, 2012· Updated Apr 29, 2026

CVE-2011-2906

Description

Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call. NOTE: this may be a vulnerability only in unusual environments that provide a privileged program for obtaining the required file descriptor.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: <3.1

Patches

b5b515445f4f

[SCSI] pmcraid: reject negative request size

https://github.com/torvalds/linuxDan RosenbergJul 11, 2011via nvd-ref

commit

1 file changed · +3 −0

drivers/scsi/pmcraid.c+3 −0 modified

@@ -3871,6 +3871,9 @@ static long pmcraid_ioctl_passthrough(
 			pmcraid_err("couldn't build passthrough ioadls\n");
 			goto out_free_buffer;
 		}
+	} else if (request_size < 0) {
+		rc = -EINVAL;
+		goto out_free_buffer;
 	}
 
 	/* If data is being written into the device, copy the data from user

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1nvdMailing ListPatchVendor Advisory
www.openwall.com/lists/oss-security/2011/08/09/8nvdMailing ListPatchThird Party Advisory
github.com/torvalds/linux/commit/b5b515445f4f5a905c5dd27e6e682868ccd6c09dnvdExploitPatchThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000