Medium severity 6.5 · NVD Advisory · Published May 24, 2012 · Updated Apr 29, 2026
CVE-2011-3363
Description
The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.
Affected products (2)
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
Patches (1)
70945643722f cifs: always do is_path_accessible check in cifs_mount
1 file changed · +1 −1
fs/cifs/connect.c+1 −1 modified@@ -2831,7 +2831,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, remote_path_check: /* check if a whole path (including prepath) is not remote */ - if (!rc && cifs_sb->prepathlen && tcon) { + if (!rc && tcon) { /* build_path_to_root works only when we have a valid tcon */ full_path = cifs_build_path_to_root(cifs_sb, tcon); if (full_path == NULL) {
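Review bot: The comment above the changed condition in cifs_mount ("check if a whole path (including prepath) is not remote") no longer matches the test, because `if (!rc && tcon)` now runs the check even when cifs_sb->prepathlen is zero. Reword it to say that the share root itself is checked, and state the reason in the comment or commit message: per the CVE description, a server can place a DFS referral at the root of a share. Also confirm that cifs_build_path_to_root returns a usable path rather than NULL when there is no prepath, since the `full_path == NULL` branch that follows is now reached for prepath-less mounts too.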
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (5)
- www.openwall.com/lists/oss-security/2011/09/14/12 (nvd: Mailing List, Patch, Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Patch, Third Party Advisory)
- github.com/torvalds/linux/commit/70945643722ffeac779d2529a348f99567fa5c33 (nvd: Patch, Third Party Advisory)
- ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 (nvd: Broken Link)
- git.kernel.org (nvd)