CVE-2011-0726

Published: 11 March 2011

The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary.

From the Ubuntu security team

Kees Cook reported that /proc/pid/stat did not correctly filter certain memory locations. A local attacker could determine the memory layout of processes in an attempt to increase the chances of a successful memory corruption exploit.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39~rc1)
Patches:
Upstream: http://git.kernel.org/linus/f83ce3e6b02d5e48b3a43b001390e2b58820389d
Upstream: http://git.kernel.org/linus/5883f57ca0008ffc93e09cbb9847a1928e50c6f3
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39~rc1)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39~rc1)