CVE-2011-1160
Published: 25 July 2011
The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors.
From the Ubuntu security team
Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy.
Priority
Low
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.39~rc1)
|
|
Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by 1309d7afbed112f0e8e90be9af975550caa0076b |
||
|
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.39~rc1)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.39~rc1)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.39~rc1)
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.39~rc1)
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.39~rc1)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.39~rc1)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.39~rc1)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1160
- https://ubuntu.com/security/notices/USN-1187-1
- https://ubuntu.com/security/notices/USN-1189-1
- https://ubuntu.com/security/notices/USN-1202-1
- https://ubuntu.com/security/notices/USN-1204-1
- https://ubuntu.com/security/notices/USN-1167-1
- https://ubuntu.com/security/notices/USN-1160-1
- https://ubuntu.com/security/notices/USN-1141-1
- https://ubuntu.com/security/notices/USN-1162-1
- https://ubuntu.com/security/notices/USN-1159-1
- https://ubuntu.com/security/notices/USN-1212-1
- https://ubuntu.com/security/notices/USN-1256-1
- NVD
- Launchpad
- Debian