NULL device name vulnerability in tomoyo_mount_acl function in Linux kernel

NULL device name vulnerability in tomoyo_mount_acl function in Linux kernel

CVE-2011-2518 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:N/A:C

The tomoyo_mount_acl function in security/tomoyo/mount.c in the Linux kernel before 2.6.39.2 calls the kern_path function with arguments taken directly from a mount system call, which allows local users to cause a denial of service (OOPS) or possibly have unspecified other impact via a NULL value for the device name.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.