Description
The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| MRG for RHEL-5 | |||
| kernel-rt-0:2.6.33.9-rt31.64.el5rt | cpe:/a:redhat:enterprise_mrg:1::el5 | RHSA-2011:0500 | 2011-05-10T00:00:00Z |
| Red Hat Enterprise Linux 5 | |||
| kernel-0:2.6.18-238.12.1.el5 | cpe:/o:redhat:enterprise_linux:5 | RHSA-2011:0833 | 2011-05-31T00:00:00Z |
| Red Hat Enterprise Linux 6 | |||
| kernel-0:2.6.32-71.29.1.el6 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2011:0498 | 2011-05-10T00:00:00Z |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DSA |
DSA-2240-1 | linux-2.6 security update |
| Debian DSA |
DSA-2264-1 | linux-2.6 security update |
 EUVD |
EUVD-2011-0740 | The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. |
 Ubuntu USN |
USN-1141-1 | Linux kernel vulnerabilities |
| Ubuntu USN |
USN-1159-1 | Linux kernel vulnerabilities (Marvell Dove) |
| Ubuntu USN |
USN-1160-1 | Linux kernel vulnerabilities |
| Ubuntu USN |
USN-1162-1 | Linux kernel vulnerabilities (Marvell Dove) |
| Ubuntu USN |
USN-1170-1 | Linux kernel vulnerabilities |
| Ubuntu USN |
USN-1187-1 | Linux kernel (Maverick backport) vulnerabilities |
| Ubuntu USN |
USN-1202-1 | Linux kernel (OMAP4) vulnerabilities |
| Ubuntu USN |
USN-1204-1 | Linux kernel (i.MX51) vulnerabilities |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: canonical
Published:
Updated: 2024-08-06T22:05:53.433Z
Reserved: 2011-02-01T00:00:00.000Z
Link: CVE-2011-0726
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2011-07-18T22:55:00.923
Modified: 2025-04-11T00:51:21.963
Link: CVE-2011-0726
Redhat
OpenCVE Enrichment
No data.
Weaknesses