CVE-2011-3345 in Enterprise Distribution
Summary
by MITRE
ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service (stack memory corruption and system crash) by reading the /proc/net/sdpstats file.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 11/20/2021
The vulnerability identified as CVE-2011-3345 resides within the ib_sdp module of the OpenFabrics Enterprise Distribution (OFED) implementation, specifically in the ulp/sdp/sdp_proc.c file. This flaw affects the InfiniBand driver stack and represents a critical security issue that enables local privilege escalation through memory corruption. The vulnerability manifests when processing certain non-array variables within the ib_sdp kernel module, creating a condition where improper handling of data structures can lead to stack memory corruption. The affected component is part of the ofa_kernel package which provides the core InfiniBand driver functionality for high-performance computing environments.
The technical flaw stems from inadequate validation and handling of variable data types when processing requests to the /proc/net/sdpstats file interface. This file serves as a virtual filesystem entry that exposes statistics about the SDP (Socket Direct Protocol) implementation within the InfiniBand subsystem. When local users access this specific proc entry, the kernel module fails to properly validate the memory access patterns for non-array variables, resulting in a stack-based buffer overflow condition. This type of vulnerability falls under CWE-121 Stack-based Buffer Overflow, where insufficient bounds checking allows memory corruption to occur in the kernel's stack space. The vulnerability is particularly dangerous because it operates within kernel space, meaning any memory corruption can lead to complete system compromise.
The operational impact of this vulnerability is severe, as it allows local users to trigger a denial of service condition that can result in system crashes and complete system instability. When the malformed data is processed through the vulnerable code path, the stack memory becomes corrupted, leading to unpredictable behavior including kernel panics, system reboots, or complete system lockups. This represents a classic denial of service attack vector that can be exploited by any local user with access to the system, making it particularly concerning in multi-user environments where privilege separation is expected. The vulnerability directly maps to ATT&CK technique T1499.004 for Network Denial of Service and T1068 for Local Privilege Escalation, as the compromised kernel memory can be leveraged to gain elevated privileges.
Mitigation strategies for CVE-2011-3345 require immediate patching of the OFED implementation to version 1.5.3 or later, which contains the necessary fixes for proper variable handling and memory validation. Organizations should also implement monitoring of /proc/net/sdpstats file access patterns to detect potential exploitation attempts, as well as ensure that only authorized users have access to local system resources that could be used to trigger the vulnerability. System administrators should consider disabling the SDP protocol implementation if it is not actively required, as this removes the attack surface entirely. Additionally, kernel hardening measures including stack canaries, address space layout randomization, and kernel module signing should be implemented to reduce the effectiveness of potential exploitation attempts. The vulnerability demonstrates the critical importance of proper input validation in kernel space code and highlights the need for comprehensive security testing of driver implementations.