LiveActive security incident?Get immediate response
CVE Record

CVE-2011-5321: The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup f...

The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a device file under the /dev/pts directory.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's Takemoderate

Analyst readout for executives and security teams

Plain-English summary

This is an old Linux kernel flaw in terminal handling. A local user could trigger a kernel crash through crafted access to a /dev/pts device file. The main business risk is availability loss on systems running affected or unpatched kernels, not confirmed remote compromise.

Executive priority

Treat this as a legacy kernel availability risk. It should not outrank remotely exploitable flaws, but any internet-facing or multi-user platform on unsupported kernels deserves prompt remediation.

Technical view

The tty_open function in drivers/tty/tty_io.c mishandled driver-lookup failure before Linux kernel 3.1.1. The described result is a NULL pointer dereference and system crash, with unspecified other impact noted but not detailed in the sources.

Likely exposure

Exposure is most likely on legacy Linux systems, appliances, or vendor kernels missing the upstream fix or equivalent backport. The source bundle does not provide a complete affected distribution matrix.

Exploitation context

The CVE describes local-user exploitation through crafted access to a /dev/pts device file. KEV is false, and the provided sources do not show confirmed active exploitation.

Researcher notes

The public record ties the issue to tty_open driver lookup failure and commit c290f8358acaeffd8e0c551ddcc24d1206143376. Severity, CWE, CVSS, and complete affected product data are absent in the supplied bundle.

Mitigation direction

  • Upgrade affected systems to a fixed or vendor-supported kernel.
  • Confirm vendor kernels include the upstream fix or an equivalent backport.
  • Review Red Hat or relevant distribution advisories for package-specific guidance.
  • Reduce untrusted local user access while remediation is pending.
  • Prioritize unsupported legacy kernels for replacement or isolation.

Validation and detection

  • Inventory Linux kernel versions and vendor package build levels.
  • Check whether kernels predate 3.1.1 or lack the referenced fix.
  • Review vendor errata for affected package names and fixed releases.
  • Confirm production systems run supported kernels after patching.
  • Track unexplained local crashes only as supporting evidence, not proof.
Prepared
Confidence
medium
Sources
7

Based on public source material and reviewed before publication.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2011-5321 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
7Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.