What is CVE-2011-1494?

CVE-2011-1494 is a Medium severity Linux kernel vulnerability with a CVSS score of 6.9 out of 10. CVE-2011-1494 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2011-1494?

CVE-2011-1494 has a CVSS score of 6.9 out of 10, rated Medium severity. The vector string is AV:L/AC:M/Au:N/C:C/I:C/A:C.

Is there a patch available for CVE-2011-1494?

No patch is currently available for CVE-2011-1494. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2011-1494 actively exploited?

CVE-2011-1494 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2011-1494

Medium

Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow.

Package Linux Kernel

Published 2011-05-03

Last modified 2026-04-29

CVSS version 2.0

Patch available

Awaiting data

CVSS 2.0 score

6.9

out of 10

Medium

Attack Vector

Local

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Vector string

AV:L/AC:M/Au:N/C:C/I:C/A:C

Weakness type

CWE-189

CVE-2011-1494 is classified as CWE-189

See CWE-189 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2011-1494 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Downloads
http://downloads.avaya.com/css/P8/documents/100145416
Lists
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
Openwall
http://openwall.com/lists/oss-security/2011/04/05/32
Red Hat
http://rhn.redhat.com/errata/RHSA-2011-0833.html
Secunia
http://secunia.com/advisories/46397

Vendor Advisory
Securityfocus
http://www.securityfocus.com/archive/1/520102/100/0/threaded
Securityfocus
http://www.securityfocus.com/bid/47185
Vmware
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
Kernel patch commit
http://lkml.org/lkml/2011/4/5/327
Patch
Kernel patch commit
http://openwall.com/lists/oss-security/2011/04/06/2
Patch
Kernel patch commit
https://bugzilla.redhat.com/show_bug.cgi?id=694021
Patch

4 patch commits total View all on NVD

Details

CVE ID CVE-2011-1494

Severity Medium

CVSS score 6.9 / 10

CVSS version 2.0

Published 2011-05-03

Modified 2026-04-29

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2011-1494?

CVE-2011-1494 is a Medium severity Linux kernel vulnerability with a CVSS score of 6.9 out of 10 . CVE-2011-1494 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2011-1494?

CVE-2011-1494 has a CVSS score of 6.9 out of 10, rated Medium severity (CVSS 2.0). The vector string is AV:L/AC:M/Au:N/C:C/I:C/A:C.
Is there a patch available for CVE-2011-1494?

No patch is currently available for CVE-2011-1494. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2011-1494 actively exploited?

No — CVE-2011-1494 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.